Still focusing on Run Your Own Mail Server, and so close to the end I could spit on it.

Remember, we’re talking about a protocol that doesn’t require validating certificate authenticity. The standards for TLS in email are low, no matter how we might wish otherwise.

So, what do we do?

One group of mail operators prioritizes broad compatibility. They still allow deprecated TLS and weak ciphers because they’re better than plain text. Postfix ships with this configuration, because otherwise people c...