Author: Mike Cardwell
Date:
To: Exim Mailing List
Subject: Re: [exim] Should MX offer TLS ?

Dean Brooks wrote:
>>> However I'm noticing many such sites with the above setup who don't offer
>>> TLS on port 25 of the MX servers. Is there a particular reason for this ?
>>>
>>> Any obvious pitfalls in supporting TLS on port 25 of the MX servers ?
>>> Are folk just turning it off to save CPU ?
>> I advertise TLS on my non-submission ports here for a very different
>> reason to those stated. I treat hosts that look like real mail servers
>> differently. TLS is a very good indicator that the connecting host is a
>> real mail server; not just another trojaned machine. I don't greylist
>> real mail servers.
>
> I guess it depends on your view. In my experience, an MTA that sends
> to MX with TLS is one that is probably not managed by someone with
> very much experience and would more likely be a potential source of
> trouble.

I fail to see any connection between a mail server sending over TLS, and
the experience of the admin of the server. I also fail to see the
usefulness of making that connection. It's not something you could ever
filter on.