Mark Constable writes:

On 27/05/16 02:20, Matus UHLAR - fantomas wrote:
>> Some lame govt mailservers are still using SSL23...
>> "SSL23_GET_SERVER_HELLO:tlsv1 alert decode error"
>> and rather than whitelist them I'm sure I used to just disable SSL
>> via /etc/courier/esmtpd altogether (currently using v0.68.2)...
>
> why not whitelisting? Why to avoid security just because some can't
> cope with it?

We only use authenticated relaying via 465/SSL and 587/TLS so none
of our clients use port 25 for auth/relay. The problem is our client
recipient has to contact our support which then asks them for a copy
of the error, then I get it, then I have to squirrel around in the
mail logs to determine IP/hosts and hope a dig mx finds the right
mailserver etc then whitelists that server/mx and cross my fingers
I got all that right and our client can continue on their merry way.

Do you know for sure that the sender bounces the mail if it can't negotiate SSL; that the sender does not fallback to unencrypted?

Attachment: pgpyNJOyiCXkz.pgp
Description: PGP signature

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to