On 12 Apr 2019, at 11:47, @lbutlr wrote:
On 12 Apr 2019, at 08:46, micah anderson <mi...@riseup.net> wrote:
The site https://hardenize.com provides relatively decent Email reports,
along with other reports. It checks a number of things including certs,
MTA-STS, TLS-RPT, DANE, SPF, DMARC, and then also TLS. These are all
good checks and recommendations, with the exception of the TLS one: I do
not see how it's possible to meet their standards and provide an email
server on the internet. However, I could be wrong, so I'm interested to
know if I am.

I'm not impressed. It complains that STARTTLS is not available on my
server. It is true it is not available on port 25, but is available on
port 587 where it should be.

Are you confusing STARTTLS and AUTH???
There's no need for AUTH on 25 if you have a working 587 or 465 service
for submission.
It is a good idea to enable STARTTLS on port 25 if you don't want
inbound SMTP to be sniffable on the wire.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
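
The STARTTLS/AUTH distinction from the reply above, as an added example that is not part of the original thread: it parses EHLO replies and flags a port that offers no STARTTLS, or AUTH on port 25. The sample replies, host names and finding codes are constructed for illustration.

```python
# Constructed EHLO replies (not captured from a real server). They model the
# setup described in the thread: STARTTLS missing on 25, present on 587.
SAMPLE_REPLIES = {
    25: "250-mail.example.org\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n",
    587: "250-mail.example.org\r\n250-PIPELINING\r\n250-STARTTLS\r\n"
         "250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n",
}


def parse_ehlo(reply):
    """Return {KEYWORD: parameters} from a multi-line 250 EHLO reply."""
    lines = [line for line in reply.splitlines() if line]
    if not lines:
        raise ValueError("empty EHLO reply")
    extensions = {}
    for index, line in enumerate(lines):
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError(f"not a 250 reply line: {line!r}")
        if index == 0:
            continue  # the first line carries the server name, not an extension
        keyword, _, params = line[4:].partition(" ")
        extensions[keyword.upper()] = params
    return extensions


def audit(port, reply):
    """Return finding codes for one port, following the advice in the thread."""
    ext = parse_ehlo(reply)
    # Some servers also advertise the legacy "AUTH=..." form; treat it as AUTH.
    has_auth = any(k == "AUTH" or k.startswith("AUTH=") for k in ext)
    findings = []
    if port in (25, 587) and "STARTTLS" not in ext:
        findings.append("no-starttls")  # mail on this port crosses the wire unencrypted
    if port == 25 and has_auth:
        findings.append("auth-on-25")   # not needed when 587/465 handles submission
    return findings


if __name__ == "__main__":
    for port, reply in SAMPLE_REPLIES.items():
        print(port, audit(port, reply) or "ok")
```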