Hi Tobi

Well, you actually *can* technically enforce TLS. I'm not saying that it would make any... but if you want to revive Don Quixote one more time... yes, you can.

I would be happy already if people would create working SPF records with enforcement for all domains (and stop using Outlook and thinking of Exchange as a technologically sound mailserver).

Even big financial companies fail at creating SPF Records... and wonder why they have so many bounces.

I do have mandatory TLS for some domains... but not as a global requirement (although... in a perfect world...)

Tobias

-- 
E = M * C^2 +/- 3.2db

On 2 Feb 2018, at 11:22, Tobi <tobster@brain-force.ch> wrote:

You cannot force any other party to apply YOUR policy to THEIR systems.
"Your server your rules, but my server my rules" :-)
Furthermore, mandatory TLS can fail for a bunch of other reasons apart
from "not offering TLS at all", e.g. no common cipher/TLS version can be
negotiated.
I do mandatory TLS on my servers too, but not globally. Just for
selected rcpt-domains/next-hops.

Cheers

tobi

On 02.02.2018 at 09:36, Peter Keel wrote:
Hi

I get these errors:

| TLS is required, but was not offered by host mx1.datacomm.ch[212.40.2.32]

and

| TLS is required, but was not offered by host relay.kfsb.ch[213.202.32.8]

Since I've made TLS for SMTP mandatory. The respective admins of these servers
might want to finally at least enable voluntary TLS; some of their customers
apparently would like to receive mails from my server.

And by the way, RFC 2487, which is referred to for instance in the Postfix manpage
and stated that one must not make TLS mandatory, has been obsoleted by RFC 3207.

Cheers
Seegras
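
To see which next hops a mandatory-TLS setting actually affects, the following added example (not part of the original thread) scans Postfix-style log lines for the error quoted above and counts distinct queued messages per relay host, so retries of one deferred message are not counted twice. The log lines are constructed (queue IDs, timestamps and recipients are invented) and the function names `tls_refusals` and `summarize` are hypothetical.

```python
import re

# Constructed sample in Postfix smtp(8) log style: queue IDs, timestamps and
# recipients are invented; the two relay hosts are the ones quoted in the thread.
SAMPLE_LOG = """\
Feb  2 09:12:01 mail postfix/smtp[2101]: 3F2A1C0012: to=<alice@example.org>, relay=mx1.datacomm.ch[212.40.2.32]:25, delay=0.4, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host mx1.datacomm.ch[212.40.2.32])
Feb  2 09:27:03 mail postfix/smtp[2140]: 3F2A1C0012: to=<alice@example.org>, relay=mx1.datacomm.ch[212.40.2.32]:25, delay=902, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host mx1.datacomm.ch[212.40.2.32])
Feb  2 09:30:10 mail postfix/smtp[2151]: 7B90D4E001: to=<bob@example.net>, relay=relay.kfsb.ch[213.202.32.8]:25, delay=0.3, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host relay.kfsb.ch[213.202.32.8])
Feb  2 09:31:44 mail postfix/smtp[2153]: 9C11AA0F33: to=<carol@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=1.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 1234)
Feb  2 09:33:09 mail postfix/smtp[2160]: A0B1C2D3E4: to=<dave@example.org>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mx2.example.org[192.0.2.20]:25: Connection timed out)
Feb  2 09:40:52 mail postfix/smtp[2177]: 5D5E5F0A0B: to=<erin@Example.ORG>, relay=mx1.datacomm.ch[212.40.2.32]:25, delay=0.5, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host mx1.datacomm.ch[212.40.2.32])
"""

# Matches only deliveries that failed because the remote host offered no STARTTLS.
LINE_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>\w+): to=<(?P<rcpt>[^>]+)>,.*?"
    r"status=\w+ \(TLS is required, but was not offered by host "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]\)"
)


def tls_refusals(log_text):
    """Map relay host -> IP, recipient domains and distinct queue IDs affected."""
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # sent mail, or deferred for some other reason
        entry = report.setdefault(
            m["host"], {"ip": m["ip"], "rcpt_domains": set(), "queue_ids": set()}
        )
        entry["rcpt_domains"].add(m["rcpt"].rsplit("@", 1)[-1].lower())
        entry["queue_ids"].add(m["qid"])  # a set, so retries collapse to one
    return report


def summarize(report):
    """Sorted (host, ip, distinct message count, recipient domains) tuples."""
    return sorted(
        (host, e["ip"], len(e["queue_ids"]), sorted(e["rcpt_domains"]))
        for host, e in report.items()
    )


if __name__ == "__main__":
    for host, ip, count, domains in summarize(tls_refusals(SAMPLE_LOG)):
        print(f"{host} [{ip}]: {count} message(s) held, rcpt domains: {', '.join(domains)}")
```
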
