Sven, unless you except an MTA, all email transfers between the Astaro and other mail servers is encrypted with TLS, so no transfers are done in plain text.
I don't think there's a way to have the Astaro autocreate S/MIME certs or PGP keys for a group - I think it is just one at a time.
Cheers - Bob
Sophos UTM Community Moderator Sophos Certified Architect - UTM Sophos Certified Engineer - XG Gold Solution Partner since 2005
Perhaps we should discuss the TLS feature in detail. As far as i know, the implementation of TLS is just opportunistic. If MTAs are not "sure" about their TLS-Certifiactes etc., mail will be transferred in plain text. This gives us a basic security in mail transport. But I wolud not rely on this featrue, if I had to ensure encrypted transmission as there is no way to configure TLS as "mandatory" for certain domains. There is a feature request addressing this. Feel free to vote:
Mail Securty: "require TLS" for certain domains To my opinion, the current TLS implementation is not able to solve Sven's problem.
Thomas, I agree that it's opportunistic, but I think the only time Astaro will skip TLS is if the other MTA won't do TLS. I remember about 3 years ago having trouble with the TLS implementation in Domino servers. The result was that the messages would not be sent by the Astaro until the target address was added to the TLS skiplist on the 'Advanced' tab.
So, my conclusion is that any business that cares about secure email will invest in a modern email server before investing time and energy in establishing individual encryption for all of its employees.
If someone from Astaro knows that this is incorrect, please let us all know!
Cheers - Bob
Sophos UTM Community Moderator Sophos Certified Architect - UTM Sophos Certified Engineer - XG Gold Solution Partner since 2005
