Curtis Villamizar via Postfix-users:
> How feasible (or infeasible) is it today to configure mandatory TLS
> encryption on a public facing server?  Are there any stats on the
> percentage of mail servers that don't support TLS and the percentage
> of known large volume mail servers that don't support TLS (I suspect
> zero on the latter)?

There are two levels of outbound TLS enforcement:

- Unauthenticated TLS (just piss off the NSA etc.) - likely works.

- Authenticated TLS (actual security) - not by a long shot.

Postfix 3.11 introduces TLS status logging; if you make *your* MTA's
outbound TLS (and REQUIRETLS) opportunistic, the Postfix SMTP client
will log what level of security is possible.

Postfix REQUIRETLS_README has recommendations to use a policy plugin
to enforce secure TLS for the few domains that actually support it,
and to leave enforcement opportunistic for all other destinations.

        Wietse
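
Added example, not part of the original message and not Postfix code: a tally of the long-standing "TLS connection established" lines that the Postfix SMTP client writes with `smtp_tls_loglevel = 1`, split into the two levels described above. The log lines are constructed samples, and the script does not parse the Postfix 3.11 TLS status logging, whose format the message does not show.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (documentation hosts and addresses), in the format
# the Postfix SMTP client logs with smtp_tls_loglevel = 1.
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/smtp[2101]: Verified TLS connection established to mail.example.org[192.0.2.10]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Jan 10 10:00:07 mx postfix/smtp[2102]: Untrusted TLS connection established to mx.example.net[198.51.100.7]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 10:01:12 mx postfix/smtp[2103]: Trusted TLS connection established to mx.example.com[203.0.113.5]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Jan 10 10:02:30 mx postfix/smtp[2104]: Verified TLS connection established to mail.example.org[2001:db8::10]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Jan 10 10:03:44 mx postfix/smtp[2105]: Untrusted TLS connection established to mx.example.com[203.0.113.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 10:04:02 mx postfix/smtpd[2106]: Anonymous TLS connection established from client.example.net[198.51.100.9]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
"""

# Outbound (smtp, not smtpd) sessions only: status word, then the MX host name.
LINE_RE = re.compile(
    r"postfix/smtp\[\d+\]: (Anonymous|Untrusted|Trusted|Verified) "
    r"TLS connection established to ([^\[\s]+)\[[^\]]+\]:\d+"
)

# "Verified" is the only status where the peer was authenticated (name and
# trust chain, or DANE). The other three are encryption without authentication.
AUTHENTICATED = {"Verified"}


def tally(log_text):
    """Return {mx_host: Counter({status: sessions})} for outbound TLS sessions."""
    per_host = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            per_host[m.group(2).lower()][m.group(1)] += 1
    return per_host


def summary(per_host):
    """Total sessions per status across all hosts."""
    total = Counter()
    for counts in per_host.values():
        total.update(counts)
    return dict(total)


def enforcement_candidates(per_host):
    """Hosts whose every logged session was authenticated."""
    return sorted(h for h, c in per_host.items() if set(c) <= AUTHENTICATED)


if __name__ == "__main__":
    hosts = tally(SAMPLE_LOG)
    print(summary(hosts))
    print(enforcement_candidates(hosts))
```

Hosts returned by `enforcement_candidates` are only a starting list for a per-destination policy; destinations that never negotiated TLS produce no such line and do not appear in the tally at all.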