Re: Encrypt messages between 2 servers

From: Victor Duchovni <Victor.Duchovni_at_nospam>
Date: Mon Oct 25 2010 - 17:11:51 GMT
To: postfix-users@postfix.org

On Sun, Oct 24, 2010 at 11:22:24AM +0200, martijn.list wrote:

> > Just use opportunistic TLS on both ends and go.
>
> It depends on the requirements whether TLS is good enough. It's not
> always possible to be 100% certain that the complete route is TLS
> protected. All intermediate servers should protect the message with TLS
> and this is something the sending server cannot enforce. For example, if
> you are using fallback SMTP servers hosted by some external company in
> case of problems, how can you be 100% certain that the email is TLS
> protected?

The "secure" and "fingerprint" TLS security levels address this issue.

> If your requirements are such that you must be 100% certain that your
> email is protected all the way, you should protect the message, not just
> the channel.

No, protecting the channel is quite sufficient, and by far the
simplest approach, if the goal (as stated) is secure delivery between
two sites.

-- Viktor.
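
The following is an added example, not part of the original message: a sending-side Postfix configuration that keeps opportunistic TLS as the default and applies the "secure" or "fingerprint" level to one partner site. The domain `example.net`, the file paths and the fingerprint placeholder are assumptions for illustration.

```conf
# /etc/postfix/main.cf (sending side)

# Default for every destination: opportunistic TLS. Encrypts when the peer
# offers STARTTLS, but does not authenticate the peer and falls back to
# cleartext, so it cannot guarantee a protected route.
smtp_tls_security_level = may

# Trust anchors used by the "secure" level (path is an assumption).
smtp_tls_CAfile = /etc/postfix/cacert.pem

# Digest used by the "fingerprint" level; it must be the same digest that
# was used to compute the fingerprint listed in the policy table.
smtp_tls_fingerprint_digest = sha256

# Per-destination overrides for the partner site.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy


# /etc/postfix/tls_policy
# (run "postmap /etc/postfix/tls_policy" after editing)

# Option 1, "secure": the server certificate must chain to a CA in
# smtp_tls_CAfile and its name must match the nexthop domain itself, not a
# hostname learned from an MX lookup. A fallback relay operated by a third
# party that cannot present a certificate for example.net fails the check,
# and the mail is deferred instead of being handed over.
example.net    secure match=nexthop:dot-nexthop

# Option 2, "fingerprint": no CA involved; the server certificate must
# match a fingerprint exchanged out of band with the partner site.
# Replace the placeholder with the real value before enabling this line.
#example.net    fingerprint match=<PEER-CERT-FINGERPRINT>
```

With either level, delivery to `example.net` is deferred when the TLS check fails, so the default `may` policy never applies to that destination.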