Hi, Frank, All: Interesting about 465 over 587. I suppose this is now easier to maintain using Let's Encrypt certs that are more likely to be accepted over self-signed ones? Also, about dual factor, one should have a ready plan in place when a mobile phone is lost, especially if it's certainly lost and not just misplaced. But more to the point, the second factor shouldn't be limited to a single device, either. Any single point of failure is a problem. In my case I have Google dual factor call my hard wired deskphone and read out digits that I enter into the web form. Works like a charm. PS: About those certs, I'm seriously considering taking up e residency in E stonia. No joke! http://eresident.gov.ee There's an entire discussion behind that which I'll leave for another day! Be well! Janina Frank Carmickle writes: > Hi all, > > Sorry to be late to the thread > > A few things to consider, from where I sit. > > Using 465, smtps, is better than using 587 as there are starttls downgrade attacks. > > I don’t generally like two factor auth for most services, as the second factor is often associated with the device you are most likely to loose, your phone. > > I, like Jason, am running my own mail services as I don’t need google reading my mail any more than they already are, from senders and receivers on their service to me. The more of us who run our own mail systems the better the mail situation will be for us. In recent years it has gotten harder and harder for your legitimate mail to end up in someone’s inbox. Even with dkim and spf many services dump your legitimate mail in to a spam box if you aren’t whitelisted by the user. I too am running rspamd and I’m finding that it does a reasonably good job of keeping the spam count low. > > $0.019 > > --FC > > On Jun 13, 2018, at 8:09 AM, Jason White <jason@xxxxxxxxxxxx> wrote: > > > > Janina Sajka <janina@xxxxxxxxxxx> wrote: > >> dkim, dmark, and spf checks are now quite standard. Some inbound sites > >> will bounce mail that doesn't check out with these protocols. > > > > That's an important point. In general, spam filtering (and dealing with > > recipients' spam filtering) is what makes running a mail server challenging. > > > > Despite this, I do currently run my own - a Postfix instance on a virtual > > machine hosted at linode.com. > > > > This gives the greatest control, privacy and flexibility, but, as noted, it > > comes with work attached. > > > > I've recently configured rspamd, a new anti-spam tool that somewhat improves > > and simplifies spam filtering. It can also handle signing of outbound messages > > with DKIM, but, for the moment, I'm still using OpenDKIM for that purpose. > > > > _______________________________________________ > > Speakup mailing list > > Speakup@xxxxxxxxxxxxxxxxx > > http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup > > _______________________________________________ > Speakup mailing list > Speakup@xxxxxxxxxxxxxxxxx > http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup -- Janina Sajka Linux Foundation Fellow Executive Chair, Accessibility Workgroup: http://a11y.org The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI) Chair, Accessible Platform Architectures http://www.w3.org/wai/apa _______________________________________________ Speakup mailing list Speakup@xxxxxxxxxxxxxxxxx http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup
