Re: ESMTP extension (was: Re: Encrypted connection from mta to mta?)

  • lst_hoe02@kwsoft.de
    Message 1 of 7 , Feb 25, 2011
      Quoting Bernhard Rohrer <graylion@...>:

      > This gave me an idea:
      >
      > what do people think about an ESMTP extension that enforces TLS?
      >
      > MTA1 ----------> MTA2 ---------> MTA3
      >         TLS              TLS
      >
      >
      > with the idea of having an X-header that basically says "do not
      > forward if no TLS available"
      >
      > so MTA1 sends to MTA2 encrypted. MTA2 reads that header and says
      > EHLO to MTA3. If MTA3 does not reply with TLS, MTA2 returns an NDR
      > to MTA1 with "could not deliver, TLS not available". The big problem
      > that I see is backward compatibility - one would need an ehlo flag
      > that signifies this capability in order to enable MTA1 not to send
      > to MTA2 if MTA2 was not able to recognize the header.

      This does not add any benefit or security. There is no way for the
      sender to see if the receiving MTA is lying and ditch the header or
      does nothing with it at all. If you need secure/authenticated e-mail
      have a look at S/MIME and PGP for example at
      http://www.postfix.org/addon.html#security-gateway.

      Regards

      Andreas
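The exchange discussed above, as an added toy model that is not part of the thread or of any MTA's code: three hops (MTA1 -> MTA2 -> MTA3), a message carrying the proposed "require TLS" header, and the EHLO capability flag Bernhard suggests. The header name `X-Require-TLS`, the EHLO keyword `X-REQUIRE-TLS`, the host names and the EHLO replies are all constructed for the example. The model applies the policy at each MTA that implements it and records, per link, whether STARTTLS was offered. It shows Andreas's objection directly: an MTA2 that advertises the flag but does not honor the header returns exactly the same `250 OK` to MTA1 as an honest MTA2 whose downstream hop really did use TLS, so MTA1 cannot distinguish the two from what it sees on the wire.

```python
# Added example (not from the thread): toy model of the proposed
# "do not forward unless TLS" header and its EHLO capability flag.
from dataclasses import dataclass, field
from typing import Optional

REQUIRE_TLS_HEADER = "X-Require-TLS"    # hypothetical message header (assumed)
REQUIRE_TLS_KEYWORD = "X-REQUIRE-TLS"   # hypothetical EHLO keyword (assumed)


def ehlo_offers(ehlo_reply: str, keyword: str) -> bool:
    """Parse a multi-line EHLO reply (RFC 5321 layout) and report whether
    `keyword` is among the advertised capabilities."""
    for line in ehlo_reply.splitlines():
        # "250-KEYWORD ..." means more lines follow; "250 KEYWORD ..." is last.
        if len(line) < 5 or not line.startswith("250") or line[3] not in "- ":
            continue
        if line[4:].upper().split()[:1] == [keyword.upper()]:
            return True
    return False


@dataclass
class Mta:
    name: str
    ehlo_reply: str            # what this MTA advertises to a connecting peer
    honors_require_tls: bool   # what it actually does with the header
    next_hop: Optional["Mta"] = None


@dataclass
class Outcome:
    status: str                                 # reply seen by the previous hop
    links: list = field(default_factory=list)   # (link, tls_offered) per hop


def relay(mta: Mta, headers: dict, links: Optional[list] = None) -> Outcome:
    """Relay toward the final hop, applying the proposed policy at each MTA
    that implements it.  Returns the status the submitter sees plus a trace
    of whether each link was protected by STARTTLS."""
    links = [] if links is None else links
    nxt = mta.next_hop
    if nxt is None:
        return Outcome("250 OK", links)            # final delivery
    peer_tls = ehlo_offers(nxt.ehlo_reply, "STARTTLS")
    peer_flag = ehlo_offers(nxt.ehlo_reply, REQUIRE_TLS_KEYWORD)
    if mta.honors_require_tls and REQUIRE_TLS_HEADER in headers:
        # Proposed behaviour: bounce unless the peer offers TLS and claims to
        # understand the header.  The claim itself cannot be verified.
        if not (peer_tls and peer_flag):
            return Outcome("NDR: could not deliver, TLS not available", links)
    # A non-implementing (or lying) MTA forwards over whatever the peer offers.
    links = links + [(f"{mta.name}->{nxt.name}", peer_tls)]
    return relay(nxt, headers, links)


# Constructed EHLO replies (not real hosts).
EHLO_TLS_AND_FLAG = "250-relay.example\r\n250-STARTTLS\r\n250 " + REQUIRE_TLS_KEYWORD
EHLO_NO_TLS = "250-last.example\r\n250 SIZE 10240000"


def sender_view(mta2_honors: bool, mta3_tls: bool) -> Outcome:
    """MTA1 -> MTA2 -> MTA3.  MTA2 always advertises the flag; `mta2_honors`
    selects honest vs. lying MTA2, `mta3_tls` whether MTA3 offers STARTTLS."""
    mta3 = Mta("MTA3", EHLO_TLS_AND_FLAG if mta3_tls else EHLO_NO_TLS,
               honors_require_tls=True)
    mta2 = Mta("MTA2", EHLO_TLS_AND_FLAG, honors_require_tls=mta2_honors,
               next_hop=mta3)
    mta1 = Mta("MTA1", "250 origin.example", honors_require_tls=True,
               next_hop=mta2)
    return relay(mta1, {REQUIRE_TLS_HEADER: "yes", "Subject": "constructed sample"})


if __name__ == "__main__":
    for honors, tls in ((True, True), (True, False), (False, False)):
        o = sender_view(honors, tls)
        print(f"MTA2 honors={honors!s:5} MTA3 TLS={tls!s:5} "
              f"MTA1 sees {o.status!r}  links={o.links}")
```

Running it shows the honest chain with a TLS-capable MTA3 and the lying MTA2 with a cleartext MTA3 both reporting `250 OK`; only the `links` trace, which MTA1 never receives, reveals the cleartext hop. The only case MTA1 can actually observe is an honest MTA2 bouncing with the NDR. The same idea was later standardized as the REQUIRETLS SMTP extension (RFC 8689), which likewise relies on each relay in the chain behaving as advertised.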