Web lists-archives.com

Re: openssl/libssl1 in Debian now blocks offlineimap?




On Thu, Aug 24, 2017 at 01:45:02PM +0000, Bernhard Schmidt wrote:
> The point was, even if all Debian based MTAs disabled
> TLSv1.0/TLSv1.1 leading to delivery issues a very large portion of
> senders won't fix their servers. They simply won't give a damn. Unless
> Google and Microsoft do the same, in which case they suddenly cannot
> reach >50% of their targets anymore and are forced ot fix their side.
> 
> The suggested procedure for Buster (disable TLSv1.0/TLSv1.1, then
> contact everyone who breaks due to this) is not viable for email. This
> will prevent public servers from testing Buster for the whole time.

Fortunately, our default MTA uses gnutls, but it's not nice to screw postfix
users.

In the real world, refusing mails from even one customer or business
partner, no matter how pants-on-the-head-retarded their mail setup is, is
simply not an option.

Their answer will be "your server is broken as my mail works elsewhere, it's
your fault", no matter how much you preach TLS safety.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢰⠒⠀⣿⡁ Vat kind uf sufficiently advanced technology iz dis!?
⢿⡄⠘⠷⠚⠋⠀                                 -- Genghis Ht'rok'din
⠈⠳⣄⠀⠀⠀⠀