> On Mar 31, 2026, at 4:11 PM, Jaroslaw Rafa via Postfix-users > <[email protected]> wrote: > > Dnia 31.03.2026 o godz. 14:23:12 Dan Mahoney via Postfix-users pisze: >> I also think this is all theater right now, as in the absence of MTA/STS, >> postfix could refuse to talk <tls1.2 and the result would be "mail being >> delivered in the clear". (We have not yet moved to requiring TLS via >> MTA-STS). >> >> So my question: Are the defaults (>=TLSv1) still sane? Or is it "worth" >> turning this up to >=TLSv1.2? > > It's just a stupid company applying some stupid checklist (probably meant > for HTTPS) to something they don't understand. As usual with all those > "rating", "assessing" or "scoring" companies - they usually don't understand > what they're talking about, regardless of the matter, and the companies that > understand even less trust them blindly, nobody knows why.
To spill some (unrelated to postfix) tea, they also had "findings" because their scans indicated there was "an FTP server found" on our network. You know, the one where we distribute BIND? And...the master usenet groups file? Trust me, the lack of clue is strong, but this is about Optics, unfortunately. -Dan _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
