>On 27/05/16 02:20, Matus UHLAR - fantomas wrote: >>> Some lame govt mailservers are still using SSL23... >>> "SSL23_GET_SERVER_HELLO:tlsv1 alert decode error" >>> and rather than whitelist them I'm sure I used to just disable SSL >>> via /etc/courier/esmtpd altogether (currently using v0.68.2)... >> >> why not whitelisting? Why to avoid security just because some can't >> cope with it?
On 27.05.16 13:07, Mark Constable wrote: >We only use authenticated relaying via 465/SSL and 587/TLS so none >of our clients use port 25 for auth/relay. The problem is our client >recipient has to contact our support which then asks them for a copy >of the error, then I get it, then I have to squirrel around in the >mail logs to determine IP/hosts and hope a dig mx finds the right >mailserver etc then whitelists that server/mx and cross my fingers >I got all that right and our client can continue on their merry way. Aha... doesn't couriertls produce an error when too low tls version is tried by the client? >I don't know how to check what percentage of port 25 mailserver to >mailserver connections may be SSL encrypted to justify leaving SSL >on port 25 for server to server connections. Would you (or anyone) >have any idea how many mailservers are successfully connecting to >each other via SSL these days? % grep relay= /var/log/mail | grep sm-mta | grep -c STARTTLS=server 261 % grep relay= /var/log/mail | grep sm-mta | grep -c from= 1007 % grep relay= /var/log/mail.1 | grep sm-mta | grep -c from= 1349 % grep relay= /var/log/mail.1 | grep sm-mta | grep -c STARTTLS=server 296 that gives some 25% -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759 ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users