CS // 6 Aug 2019 // Comments Off on Mail Server Updates

The mail software has been completely revamped to support additional security precautions.

Failed logins will be blocked by ip address for 1 hour. (5 fails to trigger a 1hr block)

Senders can only send mail from their authenticated email address.

Outgoing mail is now also inspected for spam, if tests fail, sending will fail.

DKIM signing is now possible, we are in the process of implementation and testing.

SSL connections are now set to a minimum of TLS1.2 and 2048bit encryption, as per internet standards.

Support for connecting to servers still using old insecure protocols has been deprecated (i.e. not supported anymore).
The protocol insecurity issue is explained in more detail here –
https://weakdh.org

This has impacted some deliveries to outdated servers, which still use outdated software.

We can resolve these issues on a case by case basis if you forward support the relevant bounce messages.

If you see bounce messages with errors similar to this –
SSL routines:tls_process_ske_dhe:dh key too small;
SSL routines:ssl_choose_client_version:unsupported protocol;

The recipients server’s SSL key setup (the key they use for encryption for their mail server) is an issue.
Their keys are too small, and vulnerable to eavesdropping, and ideally need to be updated, as their communications are vulnerable.