[AusNOG] Issues receiving from TPG Mail servers.

Rob Thomas xrobau at gmail.com
Mon Jul 23 15:27:12 EST 2018


> But shouldn't your public mail server be out of scope for PCI?

Here. ladies and gentleman, is a nerd that has never encountered the
insanity and conflicting information that is PCI.  Be quiet, we don't
want to scare it.

In all seriousness, yes, they will fail you if you have anything
listening on a machine that accepts TLS1.0 connections.  Or maybe they
won't. You don't know until you pay the $5k for the audit. And if they
DO fail you, you have to fix it. So I'm guessing that is where Bradley
is now. His PCI auditors have said 'No TLS1.0 on this server', and
that's the end of the discussion.

You don't get to reason with these people. They are accountants that
run scripts and have a checklist.  Common sense does not enter into
the equation.

--Rob


More information about the AusNOG mailing list