
Using SSL/TLS for Outbound Emails

Learn the differences between STARTTLS and plain SSL/TLS on port 465 for SMTP servers. Is STARTTLS enough to ensure your emails are secure from hackers? Explore the benefits of using End-to-End Encryption when sending private emails.

Try Xeams Free for 30 Days http://www.xeams.com


by Synametrics Technologies


3 thoughts on “Using SSL/TLS for Outbound Emails”

  • 1) When you state "server A needs a certificate", do you mean: "server A needs to receive a certificate with the public key of server B" or do you mean "server A needs to make a private/public keypair where it puts its public key in a certificate file that is finally signed by a CA"?

    2) Another confusion: you state that on the sending MTA when STARTTLS is configured, that it's the sending MTA (which you call now the SMTP client) that asks the receiving MTA for acceptance of setting up a TLS tunnel? As I thought it was the receiving MTA that decides that TLS is required to talk to it, and so that the receiving MTA finally decides on destination port and/or TLS? This in a way that if the sending MTA (SMTP client) does not comply, the receiving MTA can decide to block incoming communication.
    Maybe in both perceptions it's the same…
    Can I rephrase STARTTLS as follows? -> the sending MTA asks the receiving MTA "Do you require TLS? Do you require another port? And if yes, I'd be happy to oblige (with a valid certificate)"
    If STARTTLS on the sending MTA is NOT enabled, the question will never be raised and so if the receiving MTA demands TLS and optionally port number change, communication will not go through.
    So it's the destination / receiving MTA that 'finally calls the shots' on what's required or not. Is this a correct understanding?

    3) Side question: I thought that if TLS was set up between MTAs, by default the destination port (decided by the receiving 'listening' MTA) would swap to 587. Isn't that common?

  • Thanks, it's a very in-depth explanation of email security. Just to clear my doubts: even if I have STARTTLS enabled and want to send an email and if the recipient's email server does not support TLS or does not have a public certificate on their gateway, that means the email will still be sent in clear text as it defaults to (opportunistic encryption). Unless the recipient uses DANE or MTA-STS.

  • If we use SMTPS, do we still need SPF and DKIM?
    Or SPF and DKIM won't matter anymore?

Comments are closed.