Just my 5 cents:
As a small mail operator (10K mails/day) we disabled <TLS1.2 on our relayhosts in Oct 20. And we forced DH-only ciphers inbound on submission. Outbound we also only speak TLS1.2 but have one fallback cipher, as not all can handle DH-only ciphers. Over the last 3 months, out of 10K mails/day, we have around 20-30 mails a day that fail. However, our users receive a hand-crafted reply from our MTAs that shows how to get through in a one-shot way (one-time TLS bypass) and how they should talk to the recipient's IT department, and we provide additional information for other mail admins. So far, we are very happy with this step and our customers usually understand that the problem lies on the recipient's end. One pusher for this is the European DSGVO/GDPR. So it's not a matter of wanting to have strong encryption, it's usually a must for most of the mails in Germany/EU, and I like it.

Stefan
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop