
Re: Server to Server TLS encryption?

  • Andreas Kasenides
    Message 1 of 6 , Aug 18 10:41 AM

      My understanding is that this happens automatically during the negotiation phase if the remote server advertises TLS. At least this is what I thought happened during a recent test. And I was certainly using self-signed certificates. Actually very nice things begin to happen when TLS is enabled. See your friendly Postfix logs!

      Note the opening sentence on the TLS README: "Transport Layer Security (TLS, formerly called SSL) provides certificate-based authentication and encrypted sessions. An encrypted session protects the information that is transmitted with SMTP mail or with SASL authentication." Clearly says about SMTP sessions. This happens for 2.3+

      Andreas

      On 18-08-2013 08:32, Theodotos Andreou wrote:

      Hi guys,
      
      I went through the TLS Readme but I couldn't find a clear answer to the 
      following question:
      
      Can you configure postfix in a way that it connects using TLS to another 
      SMTP server, if TLS is available on the other side? For example if the 
      destination server supports TLS then postfix opens a TLS connection to it.
      
      Further more can this be done even if you have a self-signed certificate 
      on the destination?
      
      Thanks
      

       

       
    • Jack-Benny Persson
      Message 2 of 6 , Aug 18 10:44 PM
        This is my understanding as well. This can be seen in the message source
        if it has been sent from a server with TLS enabled to another server
        with TLS.

        It looks something like this I believe:

        Received: from mail.example.com (mail.example.com
        [xxx.xxx.xxx.xxx])(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
        (No client certificate requested)
        by mail.example.org (Postfix) with ESMTPS id xxxxxxx

        Cheers,
        Jack-Benny


        On 08/18/2013 07:41 PM, Andreas Kasenides wrote:
        > My understanding is that this happens automatically during the
        > negotiation phase if the remote server advertises TLS. At least this is
        > what I thought happened during a recent test. And I was certainly using
        > self-signed certificates. Actually very nice things begin to happen when
        > TLS is enabled. See your friendly Postfix logs!
        >
        > Note the opening sentence on the TLS README: "Transport Layer Security
        > (TLS, formerly called SSL) provides certificate-based authentication and
        > encrypted sessions. An encrypted session protects the information that
        > is transmitted with SMTP mail or with SASL authentication." Clearly says
        > about SMTP sessions. This happens for 2.3+
        >
        > Andreas
        >
        > On 18-08-2013 08:32, Theodotos Andreou wrote:
        >
        >> Hi guys,
        >>
        >> I went through the TLS Readme but I couldn't find a clear answer to the
        >> following question:
        >>
        >> Can you configure postfix in a way that it connects using TLS to another
        >> SMTP server, if TLS is available on the other side? For example if the
        >> destination server supports TLS then postfix opens a TLS connection to it.
        >>
        >> Further more can this be done even if you have a self-signed certificate
        >> on the destination?
        >>
        >> Thanks
        >
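The Received: header quoted in message 2 can be checked mechanically. The following is an added example, not part of the original thread or of Postfix: it parses the `(using ... with cipher ... (n/m bits))` annotation from each hop of a message and flags hops with no TLS annotation or with a deprecated protocol or weak cipher. The sample message, host names, addresses, queue ids and the `audit_hops` name are constructed for illustration.

```python
import re
from email import message_from_string

# TLS annotation as it appears in the Received: header quoted in the thread.
TLS_RE = re.compile(
    r"\(using (?P<proto>\S+) with cipher (?P<cipher>\S+) "
    r"\((?P<used>\d+)/(?P<avail>\d+) bits\)\)"
)
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_TOKENS = ("RC4", "DES", "NULL", "EXP", "MD5")

# Constructed sample: one TLS hop (modelled on the quoted header), one plaintext hop.
SAMPLE = """\
Received: from mail.example.com (mail.example.com [192.0.2.10])
\t(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
\t(No client certificate requested)
\tby mail.example.org (Postfix) with ESMTPS id ABC123
\tfor <user@example.org>; Sun, 18 Aug 2013 22:40:00 +0300 (EEST)
Received: from client.example.com (client.example.com [192.0.2.20])
\tby mail.example.com (Postfix) with ESMTP id DEF456;
\tSun, 18 Aug 2013 22:39:58 +0300 (EEST)
Subject: test

body
"""

def audit_hops(raw_message):
    """Return one dict per Received: header, newest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())  # unfold continuation lines
        by = re.search(r"\bby (\S+)", text)
        hop = {"by": by.group(1) if by else None, "tls": False, "issues": []}
        m = TLS_RE.search(text)
        if m is None:
            hop["issues"].append("no TLS annotation (plaintext or not recorded)")
        else:
            hop.update(tls=True, proto=m["proto"], cipher=m["cipher"],
                       bits=int(m["used"]))
            if m["proto"] in WEAK_PROTOCOLS:
                hop["issues"].append("deprecated protocol " + m["proto"])
            if any(t in m["cipher"].split("-") for t in WEAK_CIPHER_TOKENS):
                hop["issues"].append("weak cipher " + m["cipher"])
        hops.append(hop)
    return hops
```

Only the headers written by servers you control are trustworthy, since earlier Received: lines are supplied by the sending side. A receiving Postfix adds this annotation only when `smtpd_tls_received_header = yes` is set, so a missing annotation does not by itself prove the hop was unencrypted.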