On Fri, Aug 13, 2021 at 04:20:59PM +0200, Josh Good <postfix.2016...@naleco.com> wrote:
> Hello, to follow up on this issue regarding Rhenus.com and TLS 1.2,
> I confirm that mail flow to them without using the STARTTLS verb in the
> SMTP transaction, is working fine. So it looks like plain text SMTP is
> still allowed by their publicly-referenced SMTP servers.
>
> So at first sight it looks like Viktor's interpretation of Rhenus'
> communication was right.

Yes, doing what they actually seemed to be saying would have been
a disaster waiting for a quick rollback. They couldn't've really
meant what they said.

> However, upon further inspection, it appears that the publicly-referenced
> SMTP servers of Rhenus.com are still supporting TLS 1.0, which could be
> read as they not following through with their original notice of only
> supporting TLS 1.2 in SMTP from August 1st onwards.
> [...]
>
> Perhaps they re-evaluated their decision and are keeping TLS 1.0 for
> SMTP? Who knows!
>
> Regards,
> --
> Josh Good

According to the hardenize.com security bingo site, they get a
green box for their mail server TLS, even though they support
TLSv1.0 (yellow), because they don't support anonymous ciphers
(red). If they were supporting anonymous ciphers, it would get
a yellow/amber box overall.

https://www.hardenize.com/report/rhenus.com

Anonymous ciphers would be supported by default. So maybe they
stopped supporting them. Or maybe they didn't support them
earlier either, and they haven't actually done anything.

cheers,
raf