Coming soon - Get a detailed view of why an account is flagged as spam!
view details

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

8
PCI ASV wants me to downgrade security
Post Body

So, I run port 25 SMTP opportunistic encryption for incoming mail from other servers. I support all protocols because there's no reason not to. If you refuse a protocol it's just going to fall back to unencrypted.

My previous scanning vendor accepted this as a false positive when it detected that I supported TLS 1.0 and SSLv3 on port 25, but I've changed merchant account providers and the new scanning company rejected it.

I've replied to their rejection telling them that they are asking me to lower my security by doing this, so I guess we'll see what they say. Does anyone know if there's something in the PCI standards that addresses this?

Author
Account Strength
100%
Account Age
12 years
Verified Email
Yes
Verified Flair
No
Total Karma
402,737
Link Karma
5,608
Comment Karma
395,674
Profile updated: 11 hours ago
Posts updated: 4 months ago
Ghigs

Subreddit

r/sysadmin

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.
Posted
7 years ago
Reddit URL
View post on reddit.com
External URL
reddit.com/r/sysadmin/co...