"@lbutlr" <krem...@kreme.com> writes:
> On 12 Apr 2019, at 08:46, micah anderson <mi...@riseup.net> wrote:
>> he site https://hardenize.com provides relatively decent Email reports,
>> along with other reports. It checks a number of things including certs,
>> MTA-STS, TLS-RPT, DANE, SPF, DMARC, and then also TLS. These are all
>> good checks and recommendations, with the exception of the TLS one, I do
>> not see how its possible to meet their standards, and provide an email
>> server on the internet. However, I could be wrong, so I'm interested to
>> know if I am.
>
> I'm not impressed. It complains that STARTTLS is not available on my server.
> It is true it is not available on port 25, ut is available on port 587 where
> it should be.
Since they are not testing submission, this seems correct.
You have disabled STARTTLS on port 25 and only accept unencrypted
connections there?
--
micah
