[TriLUG] transmitting secure emails

Justis Peters jtrilug at indythinker.com
Tue Apr 6 01:37:05 EDT 2010 

Chuck Peters wrote:
> On Mon, Apr 5, 2010 at 9:33 PM, Chris Bullock <cgbullock at yahoo.com> wrote:
>   
>> I would like to see what my options are for providing secure transmissions of emails and attachments for my organization.  We currently use postfix mta and dovecot SMTP server.  We would like to send documents to other parties that include SSN, bank account information, etc.  We have in the past had users log into SFTP servers but we run into issues of firewalls and admin rights loading SFTP clients etc.  Is there anything out there that meet my needs?  Ideally, maybe something integrated that may provide an https link with login that would reside on the mail server.
>>     
> I have setup TLS for our exim servers and that will transport the
> messages securely between servers, but that does not mean all messages
> are sent securly.  I would think it is possible to require all SMTP
> traffic use TLS and send some bounce if it isn't transported securely.
>
> Quoting document 4 below "You can ENFORCE the use of TLS, so that the
> Postfix SMTP server announces STARTTLS and accepts no mail without TLS
> encryption, by setting "smtpd_tls_security_level = encrypt" (Postfix
> 2.3 and later) or "smtpd_enforce_tls = yes" (obsolete but still
> supported). According to RFC 2487 this MUST NOT be applied in case of
> a publicly-referenced Postfix SMTP server. This option is off by
> default and should only seldom be used."
>   
The primary reason that encrypting transmission of emails is not 
sufficient here is that most email clients store the emails in an 
unencrypted form. Considering how difficult it is to control security on 
end-user workstations, this pretty much rules out email.

I think that Cristobal and others were on the mark by recommending a 
secure web application where the users must have an established SSL 
session before the data will be displayed. I would further recommend 
that the data should be stored in an encrypted format and that it should 
be deleted as soon as it is no longer needed.

There is significant wisdom and even regulatory hurdles to be found in 
existing standards, such as PCI-DSS. This page is a good starting point 
for further reading:
  https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

Best of luck.

Kind regards,
Justis Peters

More information about the TriLUG mailing list