On 31.01.21 09:56, Daniel Armando Rodriguez wrote:
Indeed, it was running chrooted but resolv.conf has the same content
=== # postconf -nf
smtp_tls_protocols = TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3
On 08 Feb 2021, at 06:20, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
this is superflous and not a good idea. Many servers support TLS1.0 max.
!SSLv2, !SSLv3 should be enough for now.
On 09.02.21 03:53, @lbutlr wrote:
Both TLSv1 and TLSv1.1 are end-of-life, so it is reasonable as no servers
should be supporting.
Now, is it needed? That's another question. There are no servers that
connected to me today with TLSv1 or TLSv1.1. Looking over the last few
days, I see connections rom servers I do not accept mail from, so it looks
to me based on my logs that I could easily reject TLSv1 or TLSv1.1 without
missing a single mail.
I still see connections to my mail server using TLSv1.0.
That means, disabling it would make those servers go plaintext.
Encryption is not mandatory on server-server SMTP.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759
