Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] Running a mail server, or not



On 6/26/2018 12:09 PM, Rich Braun wrote:
> False. The connections begin and end with STARTTLS. There is no clear
> text SMTP on the wire. An attack must be made against a server, or
> the encrypted stream between.
> 
> Prove me wrong.

When I send this message, STARTTLS encrypts the SMTP connection from my
Thunderbird to smtp.gmail.com where it is decrypted and queued.
smtp.gmail.com connects to cheyenne.blu.org (blu.org's MX) on port 25
and delivers the message to the list address. This connection might be
encrypted (opportunistic TLS) or it might not be encrypted. cheyenne
runs through the list processing, and at one point connects to
mx-capricab.easydns.com (your MX) on port 25 and delivers a copy to your
mailbox. This connection also might be encrypted or it might not be
encrypted. If you use POP or IMAP then your mail program makes a
STARTTLS connection to mx-capricab to retrieve this message.

The only hops that are guaranteed to be encrypted (STARTTLS) are the
connections from my MUA to my mail server, and from your MUA to your
mail server. The intervening hops might be encrypted, or they might not
be encrypted.

-- 
Rich Pieri
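One way to check after the fact which of those hops actually used TLS, added here as an example and not part of the post: each receiving MTA prepends a Received: header, and most of them record a TLS session there, either through the RFC 3848 "with ESMTPS"/"ESMTPSA" keywords or a free-text note such as Postfix's "(using TLSv1.2 with cipher ...)". The sample message below is constructed; the host names are the ones named in the post, everything else (addresses, queue IDs, cipher, dates) is made up.

```python
import re
from email import message_from_string

# Constructed sample: three Received: headers modelled on the path the post
# describes (smtp.gmail.com -> cheyenne.blu.org -> mx-capricab.easydns.com).
# Host names come from the post; IDs, addresses, cipher and dates are made up.
SAMPLE_MESSAGE = """\
Received: from cheyenne.blu.org (cheyenne.blu.org [192.0.2.10])
\tby mx-capricab.easydns.com with ESMTP id EXAMPLE3;
\tTue, 26 Jun 2018 12:12:00 -0400
Received: from mail-example.google.com (mail-example.google.com [192.0.2.20])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
\tby cheyenne.blu.org (Postfix) with ESMTPS id EXAMPLE2;
\tTue, 26 Jun 2018 12:11:00 -0400
Received: by smtp.gmail.com with ESMTPSA id EXAMPLE1;
\tTue, 26 Jun 2018 12:10:00 -0400
Subject: Re: [Discuss] Running a mail server, or not

(body omitted)
"""

# RFC 3848 "WITH" keywords whose S means the session used TLS (ESMTPS,
# ESMTPSA, UTF8SMTPS, LMTPS ...); plain ESMTP / ESMTPA does not match.
TLS_WITH_KEYWORD = re.compile(r"\bwith\s+(?:e?smtps|utf8smtps|lmtps)a?\b", re.I)
# Free-text annotations written by Postfix "(using TLSv1.2 with cipher ...)"
# and Sendmail "(version=TLSv1/SSLv3 cipher=...)".
TLS_ANNOTATION = re.compile(r"\((?:using\s+TLS|version=TLS)", re.I)


def received_hops(raw_message):
    """One dict per hop in delivery order. Each receiving MTA prepends its
    Received: header, so the first header is the last hop; reverse them."""
    hops = []
    for header in reversed(message_from_string(raw_message).get_all("Received", [])):
        text = " ".join(str(header).split())  # unfold continuation lines
        sender = re.search(r"\bfrom\s+(\S+)", text)
        receiver = re.search(r"\bby\s+(\S+)", text)
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "tls": bool(TLS_WITH_KEYWORD.search(text) or TLS_ANNOTATION.search(text)),
        })
    return hops


def unrecorded_tls_hops(raw_message):
    """(from, by) pairs whose receiving MTA recorded no TLS session."""
    return [(h["from"], h["by"]) for h in received_hops(raw_message) if not h["tls"]]
```

A hop with no TLS note is not proof of cleartext (the receiving MTA may simply not log it), and each note is only as trustworthy as the server that wrote it, so only headers added by MTAs you trust tell you anything.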



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org