> On 12 Apr 2019, at 10:42, micah anderson <mi...@riseup.net> wrote:
>
> "@lbutlr" <krem...@kreme.com> writes:
>
>> On 12 Apr 2019, at 08:46, micah anderson <mi...@riseup.net> wrote:
>>> The site https://hardenize.com provides relatively decent Email reports,
>>> along with other reports. It checks a number of things including certs,
>>> MTA-STS, TLS-RPT, DANE, SPF, DMARC, and then also TLS. These are all
>>> good checks and recommendations, with the exception of the TLS one, I do
>>> not see how it's possible to meet their standards, and provide an email
>>> server on the internet. However, I could be wrong, so I'm interested to
>>> know if I am.
>>
>> I'm not impressed. It complains that STARTTLS is not available on my server.
>> It is true it is not available on port 25, but is available on port 587 where
>> it should be.
>
> Since they are not testing submission, this seems correct.

It is not correct to classify this as a warning.

> You have disabled STARTTLS on port 25 and only accept unencrypted
> connections there?

Actually, no. STARTTLS is on port 25 for servers, but hardenize reports it's
not available, which for some reason this morning I thought was an indication
it was testing it as a login feature. I do not allow logins on port 25.
I've since closed the window on hardenize, so I can't easily check what the
specific warning text was.
--
Reality is not a matter of opinion.