> On Feb 16, 2021, at 3:57 PM, Dominic Raferd <domi...@timedicer.co.uk> wrote:
>
>> In what way does that improve your security over the default, which
>> allows 1.0 and 1.1?
> As stated this is for auth clients i.e. our own people, using SMTPS or
> STARTTLS. There is no problem for us in enforcing it for them, they don't use
> old MTAs anyway and if they did this would force them to upgrade, which would
> be good. This also seems to be the OP's scenario (as his logs imply the
> problem comes from submission port i.e. 587). We use standard postfix
> settings for permitted protocols for outsider emails (port 25) because (as
> frequently advised here) lower security is better than no security at all. HTH
Yes, on the submission port, dropping support for TLS < 1.2
is much more reasonable, because presumably you can make
informed judgements as to what software the authorised users
have at their disposal.
--
Viktor.
