On Fri, Mar 06, 2020 at 05:51:19AM -0800, Doug Hardie wrote:
> > An interesting question in your case is what fraction of the TLSv1
> > connections are non-spam. Perhaps you're able to correlate the TLSv1
> > connections with legitimate vs. junk email.
>
> Results for 3 weeks of log files:
>
> TLSv1 spam = 1182 ham = 1147
> TLSv1.1 spam = 74 ham = 6
> TLSv1.2 spam = 24355 ham = 10461
> TLSv1.3 spam = 4453 ham = 2305
>
> Note, that the definition of spam is there is a NOQUEUE entry for that
> IP address in the log files. Hence this is an approximation as it is
> possible that the RBLs entries could have changed during those 3
> weeks. Also, I don't know what emails the recipients considered spam.
> Only 2 users have mailboxes on my servers. The others are elsewhere.
Thanks for the data points. So TLSv1 is not all spam, and so still
likely best left enabled a bit longer. Unless it was all Postfix list
traffic. :-) The folks at Cloud9 have not been keeping up with the
Joneses with their TLS stack versions, some day soon TLSv1 will actually
be turned off more broadly, and they'll have to upgrade or disable TLS
entirely...
--
Viktor.
