I also really wish that SMTPS hadn’t been deprecated in favor of StartTLS, especially having personally experienced StartTLS header stripping over unencrypted SMTP.
SMTPS, the deprecated port thing, is a submission port, not an MX delivery port. There has never been anything, since deprecated, to have SSL-on-connect for outbound MX delivery.
DANE works, and works today. Postfix and Exim both support it (although Exim’s support is currently classified as “experimental” and so subject to change).
Exim: http://git.exim.org/exim.git/blob_plain/HEAD:/doc/doc-txt/experimental-spec.txt :
    hosts_try_dane = *
Postfix: http://www.postfix.org/TLS_README.html#client_tls_dane
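
An added illustration, not part of the comment above and not Postfix or Exim code: how a sending MTA's decision after EHLO differs between opportunistic StartTLS and DANE when the STARTTLS keyword has been removed in transit. The function names, the `has_tlsa` input (standing in for a DNSSEC-validated TLSA lookup that is not shown) and the sample replies are assumptions constructed for the example.

```python
import re

def ehlo_extensions(reply):
    """Return the extension keywords advertised in a multi-line 250 EHLO reply."""
    exts = set()
    lines = reply.strip().splitlines()
    for line in lines[1:]:                 # first line only carries the server name
        m = re.match(r"250[- ](\S+)", line)
        if m:
            exts.add(m.group(1).upper())
    return exts

def next_step(reply, has_tlsa):
    """Decide what the sender does next.

    has_tlsa: True when DNSSEC-validated TLSA records exist for this MX host
    (assumed input; the DNS lookup itself is outside this example).
    """
    if "STARTTLS" in ehlo_extensions(reply):
        return "starttls"
    if has_tlsa:
        # RFC 7672: with usable TLSA records, mail must not be delivered
        # to this host unless TLS is negotiated, so the message is deferred.
        return "defer"
    # Opportunistic TLS has nothing to compare the reply against,
    # so a missing keyword silently results in cleartext delivery.
    return "plaintext"

# Constructed sample replies (not captured traffic).
HONEST = "250-mx.example.net\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
# Same reply with the STARTTLS keyword overwritten on the path.
STRIPPED = "250-mx.example.net\r\n250-SIZE 52428800\r\n250-XXXXXXXX\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    for name, reply in (("honest", HONEST), ("stripped", STRIPPED)):
        for has_tlsa in (False, True):
            print(name, "tlsa" if has_tlsa else "no-tlsa", "->", next_step(reply, has_tlsa))
```

A "defer" outcome for a host that publishes TLSA records is also a useful detection signal: it shows up in the sender's queue and logs instead of passing unnoticed.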