You can't force encryption on smtp or your system fails with clients without ssl enabled.
Anyway, it's insane to receive PANs (credit card numbers) via email. Stop doing that.

Eero

On Thu, Jan 2, 2020 at 8:05 PM James B. Byrne <byrn...@harte-lyne.ca> wrote:

> On Thu, January 2, 2020 12:35, Bastian Blank wrote:
> > On Thu, Jan 02, 2020 at 12:16:33PM -0500, James B. Byrne wrote:
> >> We recently were forced by our PCI compliance audit to change our
> >> permissible ciphers. I speculate that this is the source of our
> >> problem. Our revised cipher list is:
> >
> > Don't, as long as you don't enforce encryption as well.
> >
> >> I would appreciate any guidance as to how to correct this issue
> >> without running afoul of the PCI DSS.
> >
> > Don't use mail to transport payment data, so PCI is not applicable.
> >
> This advice is not helpful. It is not what we are sending but rather
> what we are receiving. We have no control over the information that
> our clients send us. PCI DSS exists to deal with this sort of thing.
>
> --
> *** e-Mail is NOT a SECURE channel ***
> Do NOT transmit sensitive data via e-Mail
> Do NOT open attachments nor follow links sent by e-Mail
>
> James B. Byrne                mailto:byrn...@harte-lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada L8E 3C3