On 9/2/2011 2:17 PM, Michael B Allen wrote:
> My objectives are not driven by or based on logic. They are based on
> the requirements of a consortium of credit card companies and banks.

Do they require you to offer STARTTLS on port 25? ISTR that they don't; I think they only require that if TLS is offered, SSLv2 is not. If that's true, just disable opportunistic STARTTLS.

If you have e.g. clients that require TLS for submission, enable port 587/submission (and/or legacy 465/smtps) and use mandatory encryption on that port.

-- 
Noel Jones
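
A Postfix configuration along the lines suggested in the reply above, as an added example that is not part of the original message. The certificate and key paths are placeholders, and the choice of parameters is one assumed way to implement the advice.

```conf
# ---- /etc/postfix/main.cf (applies to port 25 unless overridden) ----

# Before: opportunistic STARTTLS announced to every connecting client
#smtpd_tls_security_level = may

# After: STARTTLS is not announced on port 25 at all
smtpd_tls_security_level = none

# Wherever TLS is mandatory, SSLv2 is never negotiated
smtpd_tls_mandatory_protocols = !SSLv2

# If you keep "may" on port 25 instead, exclude SSLv2 there as well
# (parameter available in Postfix 2.6 and later)
#smtpd_tls_protocols = !SSLv2

# Placeholder paths: point these at your own certificate and key
smtpd_tls_cert_file = /etc/postfix/example-cert.pem
smtpd_tls_key_file = /etc/postfix/example-key.pem

# ---- /etc/postfix/master.cf ----

# Port 587: clients must complete STARTTLS before sending mail
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt

# Legacy port 465: TLS starts immediately on connect
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_tls_security_level=encrypt
```

After `postfix reload`, the EHLO response on port 25 should no longer list STARTTLS, while port 587 should reject MAIL FROM until STARTTLS has completed.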