could be interesting to implement a tls builtin filter, so you could:

     filter check-tls phase mail-from match !tls junk

and flag non tls options as spam, without discarding them completely

You know, I was hoping you'd say that! :D

I would so very much like to run with TLS only, but alas I have people here that need all these plain text private mails from their banks etc. :P

I've already started to send out mails to point it out to them (bank, government institutions, etc). Even our old QMail (RIP) had TLSv1 in it. There's just no excuse.

And the most absurd fact. Postfix needs a setting to turn on opportunistic TLS on outgoing mail. They default to none.

Oh I'm angry today. In a positive way! :)


>> Now I ended up switching to tls-require on port 25. I wonder how much spam that will take down!
Well, that's depressing.

On the spam front - requiring TLS apparently cuts off about 99% of spam (SpamAssassin is practically out of work), but we do get the occasional legit non-TLS connection and I'm having to switch back to optional TLS. :/

So TLS is 20 years old but they're (banks etc) still sending somewhat private info in plain text.

'twas fun while it lasted. :)

I'm going to start schooling them one by one.


