[TriLUG] transmitting secure emails

Chuck Peters chuck.peters at gmail.com
Tue Apr 6 01:12:11 EDT 2010


On Mon, Apr 5, 2010 at 9:33 PM, Chris Bullock <cgbullock at yahoo.com> wrote:
> I would like to see what my options are for providing secure transmissions of emails and attachments for my organization. We currently use postfix mta and dovecot SMTP server. We would like to send documents to other parties that include SSN, bank account information, etc. We have in the past had users log into SFTP servers but we run into issues of firewalls and admin rights loading SFTP clients etc. Is there anything out there that meets my needs? Ideally, maybe something integrated that may provide an https link with login that would reside on the mail server.


I have set up TLS for our exim servers and that will transport the
messages securely between servers, but that does not mean all messages
are sent securely.  I would think it is possible to require all SMTP
traffic use TLS and send some bounce if it isn't transported securely.

Quoting document 4 below "You can ENFORCE the use of TLS, so that the
Postfix SMTP server announces STARTTLS and accepts no mail without TLS
encryption, by setting "smtpd_tls_security_level = encrypt" (Postfix
2.3 and later) or "smtpd_enforce_tls = yes" (obsolete but still
supported). According to RFC 2487 this MUST NOT be applied in case of
a publicly-referenced Postfix SMTP server. This option is off by
default and should only seldom be used."

For further info:
1. Jan 1996 RFC SMTP Service Extension for Secure SMTP over TLS
http://www.rfc-editor.org/rfc/rfc2487.txt
2.  EXIM Spec manual - Encrypted SMTP connections using TLS/SSL
http://www.exim.org/exim-html-3.20/doc/html/spec_38.html.
3. TLS on wikipedia
http://en.wikipedia.org/wiki/Transport_Layer_Security
4. Postfix TLS support
http://www.postfix.org/TLS_README.html


Chuck
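
Added example, not part of the original message and not Postfix's own code: a small Python check that reads a main.cf and reports the effective inbound TLS level, covering the `smtpd_tls_security_level = encrypt` setting and the obsolete `smtpd_enforce_tls = yes` from the quoted README. The sample configuration, its certificate path and the function names are constructed for illustration.

```python
# Constructed sample main.cf for illustration (not from the original message).
SAMPLE_MAIN_CF = """\
# inbound TLS settings
smtpd_tls_cert_file = /etc/postfix/example-cert.pem
smtpd_use_tls = yes
smtpd_tls_security_level =
    may
"""

VERDICTS = {
    # Per the quoted README, "encrypt" is not meant for a publicly-referenced server.
    "encrypt": "TLS mandatory: mail offered without STARTTLS is refused",
    "may": "TLS opportunistic: plaintext delivery is still accepted",
    "none": "TLS not offered: all inbound mail arrives in plaintext",
}

def parse_main_cf(text):
    """Return {parameter: value} following main.cf line rules."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()  # a later definition wins
    return params

def effective_smtpd_tls_level(params):
    """Resolve the inbound TLS level, honouring the obsolete parameters."""
    level = params.get("smtpd_tls_security_level", "").lower()
    if level:
        return level  # a non-empty level overrides the obsolete switches
    if params.get("smtpd_enforce_tls", "no").lower() == "yes":
        return "encrypt"
    if params.get("smtpd_use_tls", "no").lower() == "yes":
        return "may"
    return "none"

def audit(text):
    level = effective_smtpd_tls_level(parse_main_cf(text))
    return level, VERDICTS.get(level, "unrecognized smtpd TLS level: " + level)

if __name__ == "__main__":
    print(audit(SAMPLE_MAIN_CF))
```

On a live server, the output of `postconf -n` can be fed to `audit()` in place of the sample text.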


