BLU Discuss list archive
[Discuss] Running a mail server, or not
- Subject: [Discuss] Running a mail server, or not
- From: richard.pieri at gmail.com (Richard Pieri)
- Date: Tue, 26 Jun 2018 12:50:08 -0400
- In-reply-to: <65F0FFBE-0F12-4FD0-ABB8-4DCEEABCA912@pioneer.ci.net>
- References: <mailman.5.1530028803.11828.discuss@blu.org> <65F0FFBE-0F12-4FD0-ABB8-4DCEEABCA912@pioneer.ci.net>
On 6/26/2018 12:09 PM, Rich Braun wrote:
> False. The connections begin and end with STARTTLS. There is no clear
> text SMTP on the wire. An attack must be made against a server, or
> the encrypted stream between.
>
> Prove me wrong.

When I send this message, STARTTLS encrypts the SMTP connection from my Thunderbird to smtp.gmail.com where it is decrypted and queued.

smtp.gmail.com connects to cheyenne.blu.org (blu.org's MX) on port 25 and delivers the message to the list address. This connection might be encrypted (opportunistic TLS) or it might not be encrypted.

cheyenne runs through the list processing, and at one point connects to mx-capricab.easydns.com (your MX) on port 25 and delivers a copy to your mailbox. This connection also might be encrypted or it might not be encrypted.

If you use POP or IMAP then your mail program makes a STARTTLS connection to mx-capricab to retrieve this message.

The only hops that are guaranteed to be encrypted (STARTTLS) are the connections from my MUA to my mail server, and from your MUA to your mail server. The intervening hops might be encrypted, or they might not be encrypted.

--
Rich Pieri
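The hop-by-hop path described in the message above can be audited on a delivered message by reading its Received headers. The following is an added example, not part of the original post: it classifies each hop by the RFC 3848 "with" protocol type, and all hostnames, addresses and header contents in the sample are constructed. Each Received header is written by the receiving server and headers from earlier hops can be forged, so the result is evidence of what was recorded, not proof.

```python
import email
import re

# Constructed sample message (not real traffic). MTAs prepend Received
# headers, so the newest hop is at the top. Hostnames are hypothetical.
SAMPLE = """\
Received: from list.example (list.example [192.0.2.10])
\tby mx.example (Postfix) with ESMTP id AAAA1
\tfor <reader@mx.example>; Tue, 26 Jun 2018 12:50:20 -0400
Received: from submit.example (submit.example [192.0.2.20])
\tby list.example (Postfix) with ESMTPS id BBBB2
\tfor <discuss@list.example>; Tue, 26 Jun 2018 12:50:12 -0400
Received: from mua.example (mua.example [192.0.2.30])
\tby submit.example with ESMTPSA id CCCC3
\tfor <discuss@list.example>; Tue, 26 Jun 2018 12:50:09 -0400
From: writer@mua.example
To: discuss@list.example
Subject: constructed test

body
"""

# RFC 3848 "with" protocol types that record a TLS-protected session.
TLS_TYPES = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.I | re.S)

def hop_encryption(raw):
    """Return (sender, receiver, with_type, tls_recorded) per hop, oldest first."""
    msg = email.message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(hdr)
        if m is None:
            hops.append((None, None, None, False))  # unparseable: assume nothing
            continue
        sender, receiver, proto = m.group(1), m.group(2), m.group(3).upper()
        # Some MTAs note TLS only in a comment, e.g. "(version=TLS1_2 ...)".
        tls = proto in TLS_TYPES or re.search(r"\bTLS", hdr) is not None
        hops.append((sender, receiver, proto, tls))
    return hops

def unprotected_hops(raw):
    """Hops whose Received header records no TLS."""
    return [(s, r) for s, r, _, tls in hop_encryption(raw) if not tls]

if __name__ == "__main__":
    for s, r, proto, tls in hop_encryption(SAMPLE):
        print(f"{s} -> {r}: {proto} ({'TLS' if tls else 'no TLS recorded'})")
```

In the constructed sample the submission hop and the first relay hop are recorded as TLS, while the final MX delivery is plain ESMTP, which is the kind of mixed path the message describes.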