Too early yet.. (to enforce globally)
But start selectively forcing it for the bigger players known to support
this..
On 2020-08-26 9:50 a.m., Scott Mutter via mailop wrote:
How many mail operators out there are forcing outbound SMTP
communications to use TLS? Is this a common practice now? I know
secure everything and TLS everywhere is a popular movement at this moment.
I've noticed that Constant Contact (constantcontact.com
<http://constantcontact.com> - at least the mail server
at 205.207.104.108) and yahoo.co.jp <http://yahoo.co.jp> (67.195.204.74)
don't appear to be accepting STARTTLS. Is that strange?
yahoo.com <http://yahoo.com> appears to handle STARTTLS but yahoo.co.jp
<http://yahoo.co.jp> does not. There may be other country/region
specific Yahoo domains that don't.
I'm just wondering if that is common. Perhaps the administrators of
these mail servers are unaware of this? Constant Contact - whose
primary purpose would seem to be to insure mail delivering - not
accepting STARTTLS seems extremely strange.
I've been toying with the idea of forcing outbound SMTP connections to
use TLS, but thought I'd take a quick look and see who might miss mail
if this done. It looks like most mail servers handle TLS, I haven't
extended this test to a lot of servers yet so it may just be that the
mail servers I have enacted this on are small volume senders.
I should note, forcing TLS is different from preferring TLS. I think a
lot of MTAs (at least Exim, I think?) prefer TLS and will attempt to
negotiate a STARTTLS session, but if that fails, then it will continue
without TLS. By forcing TLS, I'm telling my server to close the
connection if a STARTTLS session can't be started. Are any other mail
server admins doing this? Or is it still too early to require this?
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop