On Wed, Dec 27, 2023 at 06:45:27AM +0100, Ralph Seichter via Postfix-users wrote:
> * Viktor Dukhovni via Postfix-users:
> 
> > Microsoft ESMTP MAIL Service [...]
> 
> Gee, who woulda thunk? ;-) That being said, perhaps somebody on the
> "mailop" mailing list would be able to offer more insight? Some exotic
> extension, perhaps, or a weird application level firewall? I sure hope
> it is not a part of a M$ core product.

Well, the "bing.com" ChatGPT AI reports the text quoted below, but this
still sheds exceedingly little light on why someone believed that
STARTTLS promises a "valid" certificate, while X-ANONYMOUSTLS is somehow
needed for just unauthenticated opportunistic TLS (i.e. basic RFC3207
STARTTLS).  The whole thing looks like a design blunder, that perhaps is
expected to remain hidden within the "Exchange Organisation" away from
the prying eyes of outside observers (external SMTP clients)?  The only
good news is that (after apparently many years of this being a "thing")
I don't think there's any chance of anyone else needing to implement
this to become "interoperable".

    The **X-ANONYMOUSTLS** Extended SMTP extension is a feature used in
    **Exchange Server** environments. Let me provide you with some
    details:

    1. **Purpose**:
       - **X-ANONYMOUSTLS** is used to establish a secure channel for
         SMTP traffic between **Hub servers within the organization**
         and between **Hub and Edge servers** within the same
         organization.
       - It ensures that the communication is encrypted and secure.

    2. **Functionality**:
       - When enabled, **X-ANONYMOUSTLS** allows anonymous TLS
         connections between Exchange hubs and edge servers.
       - It is part of the **Microsoft proprietary SMTP extension**.

    3. **Usage**:
       - **Hub servers** use **X-ANONYMOUSTLS** to communicate securely
         with each other.
       - Similarly, **Hub and Edge servers** utilize it for secure SMTP
         traffic.

    4. **Documentation**:
       - You can find detailed information about the
         **Set-ReceiveConnector** cmdlet, which includes the
         **SuppressXAnonymousTls** parameter controlling the
         **X-ANONYMOUSTLS** extension, in the Microsoft Learn
         documentation¹.
       - Additionally, there are discussions on community forums, such
         as this Technet thread², where users share insights and
         experiences related to this extension.

    Remember that **X-ANONYMOUSTLS** is specific to Exchange
    environments, and its usage may vary based on your organization's
    setup.

    Source: Conversation with Bing, 27/12/2023
    (1) Set-ReceiveConnector (ExchangePowerShell) | Microsoft Learn.
        https://learn.microsoft.com/en-us/powershell/module/exchange/set-receiveconnector?view=exchange-ps.
    (2) How X-ANONYMOUSTLS extension is different from STARTTLS SMTP
        extension?.
        https://social.technet.microsoft.com/Forums/exchange/en-US/2a83f959-3a52-4b7d-9e21-3843b77fde9c/how-xanonymoustls-extension-is-different-from-starttls-smtp-extension.
    (3) Exchange General FAQ3 - social.technet.microsoft.com.
        https://social.technet.microsoft.com/forums/exchange/en-US/0752c1fc-1a6b-4c42-a10a-a280db2f59b8/exchange-general-faq3.

-- 
    Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
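
Added example, not part of the original message and not Postfix or Exchange code: a small parser for a multi-line EHLO reply that reports whether the server offers RFC 3207 STARTTLS or only the proprietary X-ANONYMOUSTLS keyword discussed above. The sample replies, host names and the `tls_offer` labels are constructed for illustration.

```python
import re

# One SMTP reply line: 3-digit code, "-" (more lines follow) or " " (last), text.
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} for a multi-line 250 reply to EHLO."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    extensions = {}
    for i, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError("not a 250 reply line: %r" % line)
        is_last = m.group(2) == " "
        if is_last != (i == len(lines) - 1):
            raise ValueError("bad continuation marker: %r" % line)
        if i == 0:
            continue  # first line is the server greeting, not an extension
        words = m.group(3).split()
        if words:
            extensions[words[0].upper()] = words[1:]  # keywords are case-insensitive
    return extensions

def tls_offer(reply):
    """Classify the TLS offer as an RFC 3207 client would see it."""
    ext = parse_ehlo(reply)
    if "STARTTLS" in ext:
        return "starttls"             # usable by any standards-based client
    if "X-ANONYMOUSTLS" in ext:
        return "x-anonymoustls-only"  # no TLS offer for an RFC 3207 client
    return "none"

# Constructed sample replies (not captured from a real server).
SAMPLES = {
    "proprietary_only": "250-mx.example.org Hello [192.0.2.10]\r\n"
                        "250-SIZE 37748736\r\n250-X-ANONYMOUSTLS\r\n250 CHUNKING\r\n",
    "standard": "250-mx.example.net\r\n250-PIPELINING\r\n250-starttls\r\n250 8BITMIME\r\n",
    "no_tls": "250 mx.example.com\r\n",
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(name, "->", tls_offer(reply))
```

A client that implements only RFC 3207 treats the `x-anonymoustls-only` case the same as `none`, so logging it separately helps explain why a session to such a host stayed in cleartext.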
