On Wed, Nov 07, 2007 at 03:59:25PM +0000, Mike Cardwell wrote:
> Dean Brooks wrote:
>
> >>> Any obvious pitfalls in supporting TLS on port 25 of the MX servers ?
> >>> Are folk just turning it off to save CPU ?
> >> I advertise TLS on my non submission ports here for a very different
> >> reason to those stated. I treat hosts that look like real mail servers
> >> differently. TLS is a very good indicator that the connecting host is a
> >> real mail server; not just another trojaned machine. I don't greylist
> >> real mail servers.
> >
> > I guess it depends on your view. In my experience, an MTA that sends
> > to MX with TLS is one that is probably not managed by someone with
> > very much experience and would more likely be a potential source of
> > trouble.
>
> I fail to see any connection between a mail server sending over TLS, and
> the experience of the admin of the server. I also fail to see the
> usefulness of making that connection. It's not something you could ever
> filter on.

Because it indicates the admin of that mail server probably didn't
intentionally enable TLS for remote connections and just used the
server defaults. There are quite a number of servers out there that
inexplicably insist on using TLS if advertised for MX deliveries.

True, you wouldn't filter on it. I agree. My reply was simply
stating that one also shouldn't *whitelist* based upon it either.

--
Dean Brooks
[EMAIL PROTECTED]
