Author: Exim Mailing List
Date:
To: Mike Cardwell
CC: Exim Mailing List
Subject: Re: [exim] Should MX offer TLS ?

On Wed, Nov 07, 2007 at 03:59:25PM +0000, Mike Cardwell wrote:
> Dean Brooks wrote:
>
> >>> Any obvious pitfalls in supporting TLS on port 25 of the MX servers ?
> >>> Are folk just turning it off to save CPU ?
> >> I advertise TLS on my non submission ports here for a very different
> >> reason to those stated. I treat hosts that look like real mail servers
> >> differently. TLS is a very good indicator that the connecting host is a
> >> real mail server; not just another trojaned machine. I don't greylist
> >> real mail servers.
> >
> > I guess it depends on your view. In my experience, an MTA that sends
> > to MX with TLS is one that is probably not managed by someone with
> > very much experience and would more likely be a potential source of
> > trouble.
>
> I fail to see any connection between a mail server sending over TLS, and
> the experience of the admin of the server. I also fail to see the
> usefulness of making that connection. It's not something you could ever
> filter on.

Because it indicates the admin of that mail server probably didn't
intentionally enable TLS for remote connections and just used the
server defaults. There are quite a number of servers out there
that inexplicably insist on using TLS if advertised for MX
deliveries.

True, you wouldn't filter on it. I agree. My reply was simply stating
that one also shouldn't *whitelist* based upon it either.