Koozali.org: home of the SME Server

Sending email securely

Offline ReetP

Re: Sending email securely
« Reply #15 on: June 20, 2018, 01:03:16 PM »
Patches are welcome...
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Knuddi

Re: Sending email securely
« Reply #16 on: June 20, 2018, 01:32:00 PM »
That is exactly the same thought I sit with and not the philosophical discussion on use of IM and other chat apps :-) By the time mail becomes irrelevant the SME server has been discontinued for years anyways.

Offline ReetP

Re: Sending email securely
« Reply #17 on: June 20, 2018, 01:46:09 PM »
It doesn't change my view, but if others are willing to do the work then I have no issues.

Unfortunately I think it will be a case of 'isn't good enough, must change, I haven't got time/knowledge' etc

There are certainly other issues that have a higher priority as a patch won't bring the nirvana required.


Offline William R H

Re: Sending email securely
« Reply #18 on: June 20, 2018, 02:10:38 PM »
Is it silly for me to point out that Gmail uses TLS on all its outgoing messages? E.g.

"Received: from mail-io0-f179.google.com (HELO mail-io0-f179.google.com) (209.85.223.179)
 by yourlets.biz (qpsmtpd/0.96) with ESMTPS (ECDHE-RSA-AES256-GCM-SHA384 encrypted); Wed, 20 Jun 2018 13:07:10 +0100"

Offline William R H

Re: Sending email securely
« Reply #19 on: June 20, 2018, 02:19:28 PM »
Also, regarding the very valid "false sense of security" points raised above.

There I sat configuring Thunderbird to access my outgoing server and I chose TLS security. Thus over my LAN I get TLS and privacy against casual packet sniffers.

Until I started looking at all this, and raised it with Brian, I was under the impression that having set it thus TLS would be honoured all the way out of SME Server into the next MTA at least.

A big mistake.
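
Added example, not part of any post in this thread: a Python sketch that reads a message's `Received:` headers, like the qpsmtpd line quoted in Reply #18, and reports which hops recorded TLS, which makes the per-hop nature of SMTP encryption visible. The sample message, host names and addresses are constructed placeholders.

```python
import re
from email import message_from_string

# "with" keywords that record a TLS-protected hop (RFC 3848 and later registrations).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

# Constructed sample headers (newest hop first); hosts and addresses are placeholders.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.30])
 by mailstore.recipient.example (Postfix) with ESMTP id 4F00D; Wed, 20 Jun 2018 13:07:12 +0100
Received: from relay.isp.example (relay.isp.example [192.0.2.20])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 by mx.recipient.example (Postfix) with ESMTPS id 3A11C; Wed, 20 Jun 2018 13:07:11 +0100
Received: from sme.home.example (HELO sme.home.example) (192.0.2.10)
 by relay.isp.example (qpsmtpd/0.96) with ESMTP; Wed, 20 Jun 2018 13:07:10 +0100
Received: from desktop.lan (HELO desktop.lan) (192.168.1.50)
 by sme.home.example (qpsmtpd/0.96) with ESMTPSA (ECDHE-RSA-AES256-GCM-SHA384 encrypted); Wed, 20 Jun 2018 13:07:09 +0100
Subject: constructed test message
"""

def strip_comments(text):
    """Drop parenthesised comments, including nested ones such as Postfix's TLS note."""
    prev = None
    while prev != text:
        prev, text = text, re.sub(r"\([^()]*\)", " ", text)
    return text

def hops(raw_message):
    """Return the hops oldest-first as dicts: sender, receiver, protocol, tls."""
    result = []
    for header in reversed(message_from_string(raw_message).get_all("Received", [])):
        text = strip_comments(" ".join(header.split()))  # unfold, then de-comment
        sender = re.search(r"^\s*from\s+(\S+)", text, re.I)
        receiver = re.search(r"\bby\s+(\S+)", text, re.I)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", text, re.I)
        protocol = proto.group(1).upper() if proto else "UNKNOWN"
        result.append({"sender": sender.group(1) if sender else "?",
                       "receiver": receiver.group(1) if receiver else "?",
                       "protocol": protocol, "tls": protocol in TLS_PROTOCOLS})
    return result

def weakest_links(raw_message):
    """Hops with no TLS recorded. Headers written by servers you do not run are unverified."""
    return [h for h in hops(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for h in hops(SAMPLE):
        print(f'{h["sender"]} -> {h["receiver"]}: {h["protocol"]} tls={h["tls"]}')
```

In the constructed sample the client-to-server leg is encrypted while the next hop out of the server is not, which is the situation described in Reply #19.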

Offline ReetP

Re: Sending email securely
« Reply #20 on: June 20, 2018, 02:50:26 PM »
Yup. You have got it in one.

Until EVERY server uses it, there are no guarantees, and worse could give users a false sense of security.

The chain is only as strong as the weakest link. One server without encryption in the chain, and game over player one.

You cannot guarantee the path any given mail will take.

I agree it is a bad flaw with email. Regrettably I don't see the world changing any time soon.


Offline ReetP

Re: Sending email securely
« Reply #21 on: June 20, 2018, 02:53:50 PM »
N.B. Google (and anyone else come to that) can make no guarantees either.

The fact they use it does not make it any more secure, unless you can guarantee the chain.

Offline William R H

Re: Sending email securely
« Reply #22 on: June 20, 2018, 04:20:07 PM »
I agree that gmail don't guarantee anything as a result of using TLS - but, as per my point earlier, perhaps they too take the view they can do their little bit and make sure that anything they do have control over does use TLS.

Apart from all that I am just about to start a thread on qmail-qfilter which can help out with a strongly related problem of mine.


But I think, on balance, regardless of the security of the whole chain, we, i.e. SME Server, should at least show willing. So if the first hop can do TLS we should use it.

At least then on that leg it is secure [edited: not so much secure as relatively private] - over the first broadband link or whatever. It won't be open to any OpenReach technician sitting there with a network traffic analyser.

Offline ReetP

Re: Sending email securely
« Reply #23 on: June 20, 2018, 05:13:04 PM »
And as I said... patches welcome :-)

Offline Jean-Philippe Pialasse

  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Sending email securely
« Reply #24 on: June 21, 2018, 06:01:11 AM »
already a bug and potential patch

https://bugs.contribs.org/show_bug.cgi?id=9349