Mark Constable writes:
On 27/05/16 02:20, Matus UHLAR - fantomas wrote:
>> Some lame govt mailservers are still using SSL23...
>> "SSL23_GET_SERVER_HELLO:tlsv1 alert decode error"
>> and rather than whitelist them I'm sure I used to just disable SSL
>> via /etc/courier/esmtpd altogether (currently using v0.68.2)...
>
> why not whitelisting? Why to avoid security just because some can't
> cope with it?

We only use authenticated relaying via 465/SSL and 587/TLS so none of our clients use port 25 for auth/relay. The problem is our client recipient has to contact our support which then asks them for a copy of the error, then I get it, then I have to squirrel around in the mail logs to determine IP/hosts and hope a dig mx finds the right mailserver etc then whitelists that server/mx and cross my fingers I got all that right and our client can continue on their merry way.

Do you know for sure that the sender bounces the mail if it can't negotiate SSL; that the sender does not fall back to unencrypted?
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users