Hello everybody. I've been made aware of this communication recently received at some site whose email is managed on-premises (i.e., not outsourced to any big mailbox provider in the "cloud"):
> From: Rhenus Logistics <no_re...@es.rhenus.com>
> Sent: 30 June 2021 17:05
> To: [omitted]
> Subject: Email con TLS inferior a 1.2 / Email with TLS less than 1.2
>
> Good Afternoon,
> We inform you that due to Rhenus security policies, as of 08/01/2021
> receiving of emails that do not comply with version 1.2 of the TLS
> protocol will be restricted.
> All emails sent in particular to the domain @es.rhenus.com and in
> general to any Rhenus domain @*.rhenus.com must be sent with the TLS
> 1.2 protocol or higher.
> Any mail received without fulfilling this condition will be rejected
> by our server.
> Please forward this message to your IT department for consideration
> and action.
> If you have any questions, please head over your Rhenus contact
>
> IT //SERVICES

The above could mean that starting 08/01/2021 their TLS support will only support TLS 1.2 (and not any earlier TLS version) with their inbound SMTP servers remaining configured in "opportunistic TLS" mode --- or it could be read as if they will enable "smtpd_enforce_tls = yes" (or "smtpd_tls_security_level = encrypt") in their inbound SMTP servers (I don't know if they are using Postfix, but you get what I mean).

If the case is the second one, is that a current trend? Has rfc2487 been obsoleted and mandatory TLS is now considered "industry standard" in publicly-referenced SMTP servers?

I've tried to contact Rhenus IT Services to inquire about this, but my phone calls haven't gone through. So I thought I may as well ask this list if this is a single case or the "new normal"...

Regards,

--
Josh Good
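A sending site that receives a notice like the one quoted above can check its own outbound mail log to see which deliveries went out below TLS 1.2 or in plaintext, since those are the ones a receiver enforcing the second reading would refuse. This is an added example, not part of the original post: it assumes the sending MTA is Postfix with `smtp_tls_loglevel = 1`, and the `audit` helper, host names and log lines are constructed for illustration.

```python
import re

# Formats assumed: Postfix SMTP client (sender side) with smtp_tls_loglevel = 1.
TLS_RE = re.compile(
    r"postfix/smtp\[(?P<pid>\d+)\]: (?:\w+ )?TLS connection established to "
    r"(?P<host>[^\[\s]+)\[[^\]]*\]:\d+: (?P<proto>\S+) with cipher")
SENT_RE = re.compile(
    r"postfix/smtp\[(?P<pid>\d+)\]: \w+: to=<[^>@]*@(?P<domain>[^>]+)>, "
    r"(?:orig_to=<[^>]*>, )?relay=(?P<host>[^\[\s,]+)\[.*\bstatus=sent\b")
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def audit(lines, minimum="TLSv1.2"):
    """Return (recipient_domain, relay, protocol) for every delivery that
    did not use at least `minimum`, including unencrypted ones."""
    negotiated = {}  # (pid, relay host) -> protocol of the latest handshake
    findings = []
    for line in lines:
        m = TLS_RE.search(line)
        if m:
            negotiated[(m["pid"], m["host"])] = m["proto"]
            continue
        m = SENT_RE.search(line)
        if not m:
            continue
        # No handshake logged by this process for this relay: the message
        # left in plaintext (opportunistic TLS not offered or not usable).
        proto = negotiated.get((m["pid"], m["host"]), "plaintext")
        if proto not in ORDER or ORDER.index(proto) < ORDER.index(minimum):
            findings.append((m["domain"].lower(), m["host"], proto))
    return findings


# Constructed sample log lines (hosts and addresses are placeholders).
SAMPLE = [
    "Jul  1 09:00:01 mail postfix/smtp[2201]: Trusted TLS connection established to mx1.example.net[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "Jul  1 09:00:02 mail postfix/smtp[2201]: 4F3A21C0A1: to=<ops@example.net>, relay=mx1.example.net[192.0.2.10]:25, delay=1.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)",
    "Jul  1 09:05:10 mail postfix/smtp[2202]: Untrusted TLS connection established to mx.example.org[198.51.100.7]:25: TLSv1 with cipher AES256-SHA (256/256 bits)",
    "Jul  1 09:05:11 mail postfix/smtp[2202]: 5A7B31D0B2: to=<billing@example.org>, relay=mx.example.org[198.51.100.7]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok)",
    "Jul  1 09:07:30 mail postfix/smtp[2203]: 6C8D41E0C3: to=<info@example.com>, relay=mail.example.com[203.0.113.5]:25, delay=0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok)",
]

if __name__ == "__main__":
    for domain, relay, proto in audit(SAMPLE):
        print(f"{domain:15} via {relay:20} {proto}")
```

The handshake line names the relay rather than the recipient, so the match is made per SMTP client process and relay host; a process that reuses one relay for both encrypted and unencrypted sessions would need closer correlation.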