On Tue, 2017-07-11 at 19:50 +0000, John Levine wrote:
> Doesn't matter -- the "transparent" filters force all of the
> connections to the provider's filtering host, so if there's a TLS
> connection, it terminates at the filtering host.

That sort of proxy will break some of your outbound mail if your mail
server checks for DNSSEC/TLSA records, and the recipient domain has
published those.

Try sending mail to comcast.net from such a connection. Of course,
using mail software that uses the TLSA records.

dig comcast.net mx +short
5 mx2.comcast.net.
5 mx1.comcast.net.

dig _25._tcp.mx1.comcast.net tlsa +short
3 1 1 90E2F742B459860C0BBF1343B5A36BC5842A3F45056D30BF25DBB475 A62ECA47

But the provider can still count the number of outbound TCP SYN
packets to port 25.
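
An added example, not part of the original message: a sketch of the comparison a TLSA-checking sender performs for a "3 1 1" record like the one above, showing why a certificate presented by a filtering host in the path fails it. The function names and the stand-in certificate and key bytes are assumptions constructed for illustration; a real client takes the DER certificate and its SubjectPublicKeyInfo from the TLS handshake.

```python
import hashlib

# TLSA matching types (RFC 6698): 0 = exact data, 1 = SHA-256, 2 = SHA-512
_DIGESTS = {
    0: lambda b: b,
    1: lambda b: hashlib.sha256(b).digest(),
    2: lambda b: hashlib.sha512(b).digest(),
}

def parse_tlsa(line):
    """Parse one line of `dig ... tlsa +short` output.

    dig prints long association data as space-separated hex chunks, so
    every field after the first three is joined before decoding."""
    fields = line.split()
    if len(fields) < 4:
        raise ValueError("not a TLSA record: %r" % line)
    usage, selector, mtype = (int(f) for f in fields[:3])
    return usage, selector, mtype, bytes.fromhex("".join(fields[3:]))

def tlsa_matches(record, cert_der, spki_der):
    """Compare the presented certificate with the association data.

    Selector 0 covers the whole certificate, selector 1 only the
    SubjectPublicKeyInfo. Chain building for usages 0-2 is out of scope;
    for usage 3 (DANE-EE) this comparison is the deciding step."""
    _usage, selector, mtype, data = record
    if selector not in (0, 1) or mtype not in _DIGESTS:
        return False  # unknown parameters make the record unusable
    selected = cert_der if selector == 0 else spki_der
    return _DIGESTS[mtype](selected) == data

# Constructed stand-ins for DER bytes (not real certificates or keys).
REAL_CERT, REAL_SPKI = b"constructed cert of real MX", b"constructed SPKI of real MX"
PROXY_CERT, PROXY_SPKI = b"constructed cert of filter", b"constructed SPKI of filter"

def demo():
    """Publish a 3 1 1 record for the real MX key, then test both hosts."""
    h = hashlib.sha256(REAL_SPKI).hexdigest().upper()
    record = parse_tlsa("3 1 1 %s %s" % (h[:56], h[56:]))  # dig-style split
    return (tlsa_matches(record, REAL_CERT, REAL_SPKI),
            tlsa_matches(record, PROXY_CERT, PROXY_SPKI))

if __name__ == "__main__":
    print("real MX matches: %s, filtering host matches: %s" % demo())
```
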