Re: [exim] Should MX offer TLS ?

Author: Bryan Rawlins
Date:  
To: Exim Mailing List
Subject: Re: [exim] Should MX offer TLS ?
Dean Brooks wrote:
> On Wed, Nov 07, 2007 at 03:59:25PM +0000, Mike Cardwell wrote:
>
>> Dean Brooks wrote:
>>
>>
>>>>> Any obvious pitfalls in supporting TLS on port 25 of the MX servers ?
>>>>> Are folk just turning it off to save CPU ?
>>>>>
>>>> I advertise TLS on my non submission ports here for a very different
>>>> reason to those stated. I treat hosts that look like real mail servers
>>>> differently. TLS is a very good indicator that the connecting host is a
>>>> real mail server; not just another trojaned machine. I don't greylist
>>>> real mail servers.
>>>>
>>> I guess it depends on your view. In my experience, an MTA that sends
>>> to MX with TLS is one that is probably not managed by someone with
>>> very much experience and would more likely be a potential source of
>>> trouble.
>>>
>> I fail to see any connection between a mail server sending over TLS, and
>> the experience of the admin of the server. I also fail to see the
>> usefulness of making that connection. It's not something you could ever
>> filter on.
>>
>
> Because it indicates the admin of that mail server probably didn't
> intentionally enable TLS for remote connections and just used the
> server defaults. There are quite a number of servers out there
> that inexplicably insist on using TLS if advertised for MX
> deliveries.
>
> True, you wouldn't filter on it. I agree. My reply was simply stating
> that one also shouldn't *whitelist* based upon it either.
>
>


This has me curious, I'm going to try and compute a probability that a
message is/is not spam based on if the sending server uses TLS.
Probabilities will be calculated based on results of our existing filters
and will not be influenced by the data collected.

I'll post results to the list after approximately 24 hours.

Bryan Rawlins
Systems Administrator
OnlyMyEmail, Inc.
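
One way to run the measurement proposed in this message, as an added example that is not part of the original post or the poster's own code. The log lines and the `VERDICTS` mapping (existing filter results keyed by Exim message id) are constructed, and the Wilson interval goes beyond the post to show how little a small sample supports.

```python
import math
import re

# Constructed Exim main-log lines (not from the thread). Exim logs an
# X=<cipher> field on "<=" arrival lines when the message came in over TLS.
SAMPLE_LOG = """\
2007-11-07 16:01:02 1Ipn3x-0001Ab-2C <= a@example.org H=mx1.example.org [192.0.2.10] P=esmtps X=TLSv1:AES256-SHA:256 S=2310
2007-11-07 16:01:03 1Ipn3x-0001Ab-2C => user@example.com R=local T=deliver
2007-11-07 16:01:09 1Ipn44-0001Ac-7D <= b@example.net H=(dsl-7) [198.51.100.7] P=smtp S=1822
2007-11-07 16:02:11 1Ipn5a-0001Ad-Q1 <= c@example.net H=(pc) [198.51.100.9] P=esmtp S=904
2007-11-07 16:02:40 1Ipn5z-0001Ae-Lm <= d@example.org H=mail.example.org [192.0.2.25] P=esmtps X=TLSv1:AES256-SHA:256 S=5120
2007-11-07 16:03:05 1Ipn6Q-0001Af-0b <= e@example.com H=(x) [203.0.113.4] P=smtp S=1440
2007-11-07 16:03:30 1Ipn6p-0001Ag-Hh <= f@example.net H=relay.example.net [203.0.113.80] P=esmtps X=TLSv1:DES-CBC3-SHA:168 S=3001
2007-11-07 16:04:12 1Ipn7U-0001Ah-9k <= g@example.org H=mx2.example.org [192.0.2.11] P=esmtp S=2777
2007-11-07 16:04:50 1Ipn86-0001Ai-Tz <= h@example.com H=(y) [198.51.100.33] P=smtp S=1300
"""

# Assumption: the existing filters' verdicts, keyed by message id (True = spam).
VERDICTS = {"1Ipn3x-0001Ab-2C": False, "1Ipn44-0001Ac-7D": True,
            "1Ipn5a-0001Ad-Q1": True, "1Ipn5z-0001Ae-Lm": False,
            "1Ipn6Q-0001Af-0b": True, "1Ipn6p-0001Ag-Hh": True,
            "1Ipn7U-0001Ah-9k": False, "1Ipn86-0001Ai-Tz": True}

ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\w{6}-\w{6}-\w{2}) <= (?P<fields>.*)$")

def tally(log_text, verdicts):
    """Return {used_tls: [spam_count, total]} for arrivals with a known verdict."""
    counts = {True: [0, 0], False: [0, 0]}
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m or m["id"] not in verdicts:
            continue  # deliveries, other log lines, unclassified messages
        # Skip the first field (sender address) so it cannot fake an X= field.
        tls = any(f.startswith("X=") for f in m["fields"].split()[1:])
        counts[tls][0] += int(verdicts[m["id"]])
        counts[tls][1] += 1
    return counts

def spam_rate(spam, total, z=1.96):
    """Spam fraction with a 95% Wilson interval, or None if there is no data."""
    if total == 0:
        return None
    p, z2 = spam / total, z * z
    denom = 1 + z2 / total
    centre = (p + z2 / (2 * total)) / denom
    half = z * math.sqrt(p * (1 - p) / total + z2 / (4 * total ** 2)) / denom
    return p, centre - half, centre + half
```

Calling `spam_rate(*tally(SAMPLE_LOG, VERDICTS)[True])` gives the spam fraction among TLS arrivals; the `False` key gives the non-TLS side.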