> On 5 March 2020, at 17:15, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > > On Thu, Mar 05, 2020 at 03:57:59PM -0800, Doug Hardie wrote: > >> Small mail server with 3 weeks of logs: >> >> 1761 TLSv1 >> 18 TLSv1.1 >> 20414 TLSv1.2 >> 6343 TLSv1.3 >> >> That's not what I expected. I thought v1 and v1.1 would be reversed. >> There is a complete spectrum of ciphers being used with v1 including >> some of the most recent. I am using the defaults for the protocols >> and ciphers. > > The reversal is expected, the most widely used TLS implementations that > support TLSv1.1 also support TLSv1.2, and so you see very little use of > TLSv1.1. The ancient stacks that haven't yet adopted TLS1.2, mostly > never got to TLSv1.1 either. > > An interesting question in your case is what fraction of the TLSv1 > connections are non-spam. Perhaps you're able to correlate the TLSv1 > connections with legitimate vs. junk email.
Results for 3 weeks of log files: TLSv1 spam = 1182 ham = 1147 TLSv1.1 spam = 74 ham = 6 TLSv1.2 spam = 24355 ham = 10461 TLSv1.3 spam = 4453 ham = 2305 Note, that the definition of spam is there is a NOQUEUE entry for that IP address in the log files. Hence this is an approximation as it is possible that the RBLs entries could have changed during those 3 weeks. Also, I don't know what emails the recipients considered spam. Only 2 users have mailboxes on my servers. The others are elsewhere. -- Doug
