
How do I enable ESMTP / TLS Mail Encryption?

Hello,

I want to communicate with another company through ESMTP/TLS encrypted Mails. How do I enable TLS for SMTP? And how do I know if my system uses TLS? Do I see that in the logfiles somewhere?

I'm running Astaro V7.

Thanks,
Dirx


This thread was automatically locked due to age.
  • Version 7 enables TLS by default (it negotiates with the remote host at connection time) ... in fact, they've included a TLS skiplist in case you deal with a remote host that has a version of SMTP server that doesn't support such negotiation.  So there's nothing to configure in your case...

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Ok thanks!

    Is TLS an acceptable replacement for PGP or S/MIME?
  • Probably not. Remember with TLS and SSL encryption - the secure channel is established between your mail client and the MTA. The next hop is not guaranteed to be encrypted. Further, the message will still be in clear text when residing in the mail spool. Hence, if you want to secure your mail for the entire delivery process use PGP or S/MIME in conjunction with TLS or SSL.
  • While the email will be encrypted in transit by TLS, it won't be encrypted in the mail spool, as a previous poster pointed out.  Also, PGP and S/MIME provide mechanisms to prove that a sender is legitimate, and that the email is legitimate; TLS does not.  Also, there are quite a few mail servers out there that do not support TLS or are configured to not use it, so you can't guarantee that it will be encrypted.  So, they are not equivalent.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.
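
Added example (not part of the original thread and not Astaro-specific): on a delivered message, each MTA's `Received` header names the protocol in its `with` clause, and the RFC 3848 keywords such as ESMTPS and ESMTPSA mark hops that ran over TLS, so the headers show hop by hop what the replies above describe. The hostnames, addresses and sample message are constructed.

```python
import re
from email import message_from_string

# "with" keywords that mean the hop ran over TLS
# (RFC 3848: ESMTPS, ESMTPSA, LMTPS, LMTPSA; RFC 6531: UTF8SMTPS, UTF8SMTPSA).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)

# Constructed sample message (hypothetical hosts, documentation IP ranges).
# Received headers are prepended, so the newest hop is at the top.
SAMPLE = (
    "Received: from relay.example.net (relay.example.net [198.51.100.7])\n"
    "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"
    "\tby mx.recipient.example (Postfix) with ESMTPS id 3;\n"
    "\tMon, 1 Jan 2024 10:00:02 +0000\n"
    "Received: from mail.sender.example (mail.sender.example [203.0.113.5])\n"
    "\tby relay.example.net (Postfix) with ESMTP id 2;\n"
    "\tMon, 1 Jan 2024 10:00:01 +0000\n"
    "Received: from [192.0.2.10] by mail.sender.example with ESMTPSA id 1;\n"
    "\tMon, 1 Jan 2024 10:00:00 +0000\n"
    "From: a@sender.example\nTo: b@recipient.example\nSubject: test\n\nbody\n"
)

def strip_comments(text):
    """Remove (possibly nested) parenthesised comments, e.g. the cipher note."""
    prev = None
    while prev != text:
        prev, text = text, re.sub(r"\([^()]*\)", " ", text)
    return text

def hop_report(raw_message):
    """Return [(receiving_host, protocol, used_tls)] in delivery order."""
    hops = []
    received = message_from_string(raw_message).get_all("Received", [])
    for header in reversed(received):          # oldest hop first
        # Unfold the header, drop comments, and cut off the trailing date.
        text = strip_comments(" ".join(header.split())).split(";")[0]
        by, proto = BY_RE.search(text), WITH_RE.search(text)
        protocol = proto.group(1).upper() if proto else "UNKNOWN"
        host = by.group(1) if by else "UNKNOWN"
        hops.append((host, protocol, protocol in TLS_PROTOCOLS))
    return hops

if __name__ == "__main__":
    for host, protocol, used_tls in hop_report(SAMPLE):
        print(f"{host:24} {protocol:8} {'TLS' if used_tls else 'no TLS recorded'}")
```

Only the headers added by servers you control can be trusted, and some MTAs record plain ESMTP even when TLS was negotiated, so a missing keyword means "not recorded" rather than proof of cleartext.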
