James Cloos <[email protected]> wrote:
>
> My primary MX shows about 1/8 of my recent mail came from MXs which
> presented a cert signed by something in my dist's root pool, and about
> 3/8 were anonymous tls, leaving about 1/2 clear text. FWIW.

Client certificates? I thought they were nonexistent for mail to MXs.

Years ago when I did some preliminary experiments to prepare for enabling TLS support on our servers, I turned on an option for the server to request a client certificate. (TLS clients do not send their certificates unless asked.) This was supposed to be optional, but many clients treated it as a demand and aborted the connection, which was not what I wanted. (It implied you can't support password authentication and certificate authentication on the same server.) So I would be wary of turning on the same option on an MX!

Tony.
-- 
f.anthony.n.finch <[email protected]> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first.

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
