On Tue, 19 Jul 2011 00:55:30 +0200 (CEST) <> wrote: > An old unpatched qmail might be secure - but it would also be incapable > of delivering some email. Or should it really be that these systems are incapable of receiving some email. RFCs are good things but sometimes go too far or are enforced too strongly, like Exim blocking MX IPs or ssl enforcement (I forget the name H?) that blocks people with a failed bios battery (wrong time)from connecting to your website via ssl without! offering even an authenticated override. Like that's gonna take off, especially when you can use the header to force ssl. If the qmail system is that old they probably don't care or talk to these new fangled systems. I really hope there aren't any sendmail ones still out there spamming everyone, or worse. Atleast the admins of those qmail systems would most likely take the slight trouble of supporting starttls if they set them up now. Your criticising these thoughtful and caring peoples servers even if they may have retired now and noone knows how or wants to replace that system with some exchange crap. Years ago an advisory was put out that mail servers should enable ssl. I understand free yahoo services saving bandwidth/cpu. But the number of these great "brand new" servers ignoring my ehlo starttls is astounding.