On Feb 5, 2016, at 4:40 PM, Phillip Hallam-Baker
<phill(_at_)hallambaker(_dot_)com> wrote:
> I would be surprised by any legitimate SSL3 mail because the STARTTLS
> spec came long after TLS 1.0 was settled.
Surprise!
http://www.engardelinux.org/modules/index/list_archives.cgi?list=postfix-users&page=0279.html&month=2013-09
But that was in 2013, and my response was:
> As I mentioned, at this time, deprecating SSLv3 is most likely
> counter-productive. I am hoping that in a couple of years it will
> be a practical default for the SMTP client only, where you can
> define exceptions for problem destinations via smtp_tls_policy_maps.
> A polite note to their postmaster linking to this thread may
> encourage them to start making plans to upgrade to inbound systems
> that can support TLSv1 and up (strictly speaking the STARTTLS EHLO
> response in SMTP promises support of TLS, an IETF standard, not SSLv3).
The timeline for SSLv3 deprecation turned out a bit better than I expected
(for various reasons that were hard to predict in 2013), so at this point
"no SSLv2/SSLv3" is a good choice for both SMTP clients and servers.
--
Viktor.
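
An added example, not part of the original message: how the "no SSLv2/SSLv3" default discussed above, plus a per-destination exception via smtp_tls_policy_maps, can be written in Postfix. The file paths and the destination legacy.example are assumptions, and the exception only has an effect if the OpenSSL library Postfix is linked against still supports SSLv3.

```cfg
# /etc/postfix/main.cf  (added example; paths are assumptions)

# SMTP client (outbound): exclude SSLv2/SSLv3 for both opportunistic
# and mandatory TLS, and consult a per-destination policy table.
smtp_tls_security_level = may
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# SMTP server (inbound): same exclusions.
smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3

# /etc/postfix/tls_policy  (rebuild with: postmap /etc/postfix/tls_policy)
# legacy.example is a placeholder for a problem destination whose inbound
# MTA only negotiates SSLv3. The "protocols" attribute overrides
# smtp_tls_protocols for this destination only; all other destinations
# keep the main.cf default above.
legacy.example    may protocols=!SSLv2
```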