Questions regarding STARTTLS and server-side email filtering.
A couple of questions related to email matters:
1: This moths issue of Bruce Schneier’s newsletter included a pointer to this article: https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks. My VPS is running Postfix for outbound emails. What can/should I do with regard to enabling the STARTTLS flag?
2: My email address is more than a decade old and as such, is on every spam list in the country - I literally get hundreds of spam emails daily. I have always been concerned about using a server-based spam tool for fear of a non-spam message being trapped and have disabled all server-side filtering. Is this still a valid concern? What are best practices with regard to filtering? Do these methods allow some (relatively easy) means for checking the messages that have been blocked?