On Wed, Dec 27, 2023 at 06:45:27AM +0100, Ralph Seichter via Postfix-users wrote:

> * Viktor Dukhovni via Postfix-users:
>
> > Microsoft ESMTP MAIL Service [...]
>
> Gee, who woulda thunk? ;-) That being said, perhaps somebody on the
> "mailop" mailing list would be able to offer more insight? Some exotic
> extension, perhaps, or a weird application level firewall? I sure hope
> it is not a part of a M$ core product.

Well, the "bing.com" ChatGPT AI reports the text quoted below, but this still sheds exceedingly little light on why someone believed that STARTTLS promises a "valid" certificate, while X-ANONYMOUSTLS is somehow needed for just unauthenticated opportunistic TLS (i.e. basic RFC3207 STARTTLS).

The whole thing looks like a design blunder, that perhaps is expected to remain hidden within the "Exchange Organisation" away from the prying eyes of outside observers (external SMTP clients)?

The only good news is that (after apparently many years of this being a "thing") I don't think there's any chance of anyone else needing to implement this to become "interoperable".

The **X-ANONYMOUSTLS** Extended SMTP extension is a feature used in **Exchange Server** environments. Let me provide you with some details:

1. **Purpose**:
   - **X-ANONYMOUSTLS** is used to establish a secure channel for SMTP traffic between **Hub servers within the organization** and between **Hub and Edge servers** within the same organization.
   - It ensures that the communication is encrypted and secure.

2. **Functionality**:
   - When enabled, **X-ANONYMOUSTLS** allows anonymous TLS connections between Exchange hubs and edge servers.
   - It is part of the **Microsoft proprietary SMTP extension**.

3. **Usage**:
   - **Hub servers** use **X-ANONYMOUSTLS** to communicate securely with each other.
   - Similarly, **Hub and Edge servers** utilize it for secure SMTP traffic.

4. **Documentation**:
   - You can find detailed information about the **Set-ReceiveConnector** cmdlet, which includes the **SuppressXAnonymousTls** parameter controlling the **X-ANONYMOUSTLS** extension, in the Microsoft Learn documentation¹.
   - Additionally, there are discussions on community forums, such as this Technet thread², where users share insights and experiences related to this extension.

Remember that **X-ANONYMOUSTLS** is specific to Exchange environments, and its usage may vary based on your organization's setup.

Source: Conversation with Bing, 27/12/2023

(1) Set-ReceiveConnector (ExchangePowerShell) | Microsoft Learn. https://learn.microsoft.com/en-us/powershell/module/exchange/set-receiveconnector?view=exchange-ps.
(2) How X-ANONYMOUSTLS extension is different from STARTTLS SMTP extension?. https://social.technet.microsoft.com/Forums/exchange/en-US/2a83f959-3a52-4b7d-9e21-3843b77fde9c/how-xanonymoustls-extension-is-different-from-starttls-smtp-extension.
(3) Exchange General FAQ3 - social.technet.microsoft.com. https://social.technet.microsoft.com/forums/exchange/en-US/0752c1fc-1a6b-4c42-a10a-a280db2f59b8/exchange-general-faq3.

--
    Viktor.