Enabling RequireTLS on Exchange Send Connectors

Dashrender

The above rules did work.

Dashrender

Well - today we have a hospital that doesn't have opportunistic enabled - they claim they have TLS enabled for outbound, but refuse it for inbound, nice.

They are looking into fixing this.

BRRABill

But everyone has it. It's a simple check box.

(SARCASM for @scottalanmiller )

Dashrender

@BRRABill said in Enabling RequireTLS on Exchange Send Connectors:

But everyone has it. It's a simple check box.

(SARCASM for @scottalanmiller )

In most of the cases where I've called, they have claimed misconfiguration as the reason it didn't work. In the cases of Cox and Internet Nebraska - both of these vendors purposefully made the choice to not have it.

Dashrender

The use of Require TLS is so low, that many SMTP providers will never realize they are misconfigured, or if there are problems caused by their security appliances, like the case of Cisco ASAs.

scottalanmiller

@Dashrender said in Enabling RequireTLS on Exchange Send Connectors:

@BRRABill said in Enabling RequireTLS on Exchange Send Connectors:

But everyone has it. It's a simple check box.

(SARCASM for @scottalanmiller )

In most of the cases where I've called, they have claimed misconfiguration as the reason it didn't work. In the cases of Cox and Internet Nebraska - both of these vendors purposefully made the choice to not have it.

WHich should have instantly caused any IT or business person to have avoided using them.

Dashrender

@scottalanmiller said in Enabling RequireTLS on Exchange Send Connectors:

@Dashrender said in Enabling RequireTLS on Exchange Send Connectors:

@BRRABill said in Enabling RequireTLS on Exchange Send Connectors:

But everyone has it. It's a simple check box.

(SARCASM for @scottalanmiller )

In most of the cases where I've called, they have claimed misconfiguration as the reason it didn't work. In the cases of Cox and Internet Nebraska - both of these vendors purposefully made the choice to not have it.

WHich should have instantly caused any IT or business person to have avoided using them.

Are you talking about cox and Internet Nebraska, or all of them, including those who were misconfigured?

scottalanmiller

@Dashrender said in Enabling RequireTLS on Exchange Send Connectors:

@scottalanmiller said in Enabling RequireTLS on Exchange Send Connectors:

@Dashrender said in Enabling RequireTLS on Exchange Send Connectors:

@BRRABill said in Enabling RequireTLS on Exchange Send Connectors:

But everyone has it. It's a simple check box.

(SARCASM for @scottalanmiller )

In most of the cases where I've called, they have claimed misconfiguration as the reason it didn't work. In the cases of Cox and Internet Nebraska - both of these vendors purposefully made the choice to not have it.

WHich should have instantly caused any IT or business person to have avoided using them.

Are you talking about cox and Internet Nebraska, or all of them, including those who were misconfigured?

Cox and Nebraska. By refusing to properly configure email security they are "bad actors" and should not be allowed to be involved in any way. They are the enemy that we should protect against, not do business with.

Dashrender

@scottalanmiller said in Enabling RequireTLS on Exchange Send Connectors:

@Dashrender said in Enabling RequireTLS on Exchange Send Connectors:

@scottalanmiller said in Enabling RequireTLS on Exchange Send Connectors:

@Dashrender said in Enabling RequireTLS on Exchange Send Connectors:

@BRRABill said in Enabling RequireTLS on Exchange Send Connectors:

But everyone has it. It's a simple check box.

(SARCASM for @scottalanmiller )

In most of the cases where I've called, they have claimed misconfiguration as the reason it didn't work. In the cases of Cox and Internet Nebraska - both of these vendors purposefully made the choice to not have it.

WHich should have instantly caused any IT or business person to have avoided using them.

Are you talking about cox and Internet Nebraska, or all of them, including those who were misconfigured?

Cox and Nebraska. By refusing to properly configure email security they are "bad actors" and should not be allowed to be involved in any way. They are the enemy that we should protect against, not do business with.

OH, well of course. I completely agree. And with our TLS required rule, we pretty much don't send email to them anymore (though, because we allow opportunistic TLS on inbound, we can accept email from them), with the exception as listed above, as required by management.

Dashrender

https://i.imgur.com/eJwqC0f.png

This picture doesn't really say much, and now that they've fixed their inbound TLS issue, perhaps the unencrypted number will be a lot smaller from now on... just thought I'd share what they shared.