Re: Encryption question with SMPT



> Sorry if this is not the correct group but the only one related to
> SMTP in my list.

Well, this is a product-specific list, but I can probably help.
Although you should have searched recent posts first, because there is
a thread on this very topic.

> 1 - I can send e-mails from the command prompt fine. Currently I
> want to do the same but encrypt the e-mail. Is this possible?

You can encrypt the conversation between the mail client and the
submission server. This does _not_ mean that the connection between
the submission server and the outbound smart host (if there is one),
nor the connection to a remote domain's MX server, will be encrypted.
Each link means separate configuration. If any remote server does not
support encryption, you will not be able to encrypt that link. You
have to be much more precise about what part(s) of the SMTP transport
you wish to secure.

As for the encryption itself, there are two methods, SMTPS (SSL/TLS to
a dedicated port, usually WKP TCP 465) and STARTTLS/STOPTLS (inline
encryption of a connection that starts in the clear as a standard SMTP
connection, on WKP TCP 25).

> 2 - Does it only require a setting within the mail server then all
> e-mails are encrypted?

You shouldn't use the term "e-mails are encrypted" to describe this
technology. While it is true that the headers and body of an e-mail
will be encrypted while in transit, this encryption does not (as noted
above) apply to the same message traveling over later SMTP hops
(server-to-server links), nor does it apply to the message as it is
downloaded into a mail client over POP3/IMAP/MAPI/etc.

The only true encryption of the message that will travel with the
message from the point of origin to the destination mailbox is PGP.

Back to SMTP encryption: for a server to require all submissions to be
encrypted, it has to (a) disallow all unencrypted mail, and (b) have
an SSL/TLS certificate that can be trusted by all clients that connect
(if the clients are all corporate-controlled, the cert does not have
to be issued from a public CA, but if you are, for example, a hosting
provider, you need to have a commercial cert or be prepared to do a
lot more customer handholding).

> 3 - Does it require both a configuration within the mail server as
> well as making an additional command on the client side command
> prompt to encrypt the e-mail?

Again, speaking of SMTP encryption only: yes, both client and server
need to offer the same encryption type (SMTPS or STARTTLS/STOPTLS)
_and_ be set to use it. If one side speaks only SMTPS and the other
only STARTTLS/STOPTLS, that won't work.

--Sandy




------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
------------------------------------
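
The per-hop point made in the reply above can be checked on a delivered message. This is an added example, not part of the original post: it reads the Received trace headers and reports which SMTP links were recorded as TLS-protected. It assumes each server records the RFC 3848 "with" keywords (ESMTPS, ESMTPSA and so on); the sample message and all hostnames are constructed, and the headers are self-reported by each server and say nothing about the later POP3/IMAP download.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that indicate the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\w+)", re.I)

# Constructed sample: every hostname and address is a placeholder.
# Servers prepend Received headers, so the newest hop is listed first.
SAMPLE = """\
Received: from smarthost.example.org (smarthost.example.org [198.51.100.9])
\tby mx.example.net with ESMTP id 3; Tue, 1 Jan 2008 10:00:03 +0000
Received: from submit.example.org (submit.example.org [198.51.100.8])
\tby smarthost.example.org with ESMTPS id 2; Tue, 1 Jan 2008 10:00:02 +0000
Received: from client.example.org (client.example.org [192.0.2.5])
\tby submit.example.org with ESMTPSA id 1; Tue, 1 Jan 2008 10:00:01 +0000
From: a@example.org
To: b@example.net
Subject: constructed test message

body
"""

def trace_hops(raw_message):
    """Return (sender, receiver, protocol, used_tls) per hop, oldest first."""
    msg = message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold the header
        if m is None:
            hops.append((None, None, None, False))  # unparseable: treat as clear
            continue
        proto = m.group(3).upper()
        hops.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return hops

def cleartext_links(raw_message):
    """Links whose receiving server did not record a TLS protocol keyword."""
    return [(s, r) for s, r, _, tls in trace_hops(raw_message) if not tls]

if __name__ == "__main__":
    for sender, receiver, proto, tls in trace_hops(SAMPLE):
        print(f"{sender} -> {receiver}: {proto} ({'TLS' if tls else 'cleartext'})")
```

In the constructed sample the client-to-submission and submission-to-smart-host links are encrypted, while the final link to the remote MX is not.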