Hi.

On 26.08.14, 12:25, Craig R. Skinner wrote:
> On 2014-08-25 Mon 21:40 PM |, giacomo wrote:
> > >
> > > Join the Postfix users mailing list (http://www.postfix.org/lists.html)
> > >
> > > Send them a problem description & the output of both:
> > > $ postconf -nf
> > > $ postconf -Mf
>
> REALLY: Join the Postfix users mailing list and send them the output.

Excuse me, I didn't read this part carefully. OK, I'll send it to the Postfix mailing list.

> > >
> > > Sorry I can help further as I don't use SSL with SMTP as it can't be
> > > enforced throughout a message's life - therefore I consider it a false
> > > sense of security.
> >
> > Which is a solution, for you, to increase the security for connections from
> > the outside, for example with a portable device (laptop, smartphone, etc) using
> > an OpenBSD system?
> >
>
> SMTP is not a point to point protocol, it is a redundant store & forward
> protocol. SSL/TLS was an afterthought, and may be optionally negotiated
> for each hop. The security of the channel is never guaranteed for each
> leg of the journey. And the next hop never promises to encrypt the
> onward connection.
>
> Mail gateways may accept an encrypted connection & forward it in clear
> text to a LAN M$ exchange, Solaris or Loonix box. You don't know. Some
> organisations also use 3rd party off-site MX backup boxes as well. Who
> knows what they do with mail, and what route they forward it onwards by.
>
> Want proof? Send me a mail from your SSL/TLS MTA & watch the logs as the
> message is sent in clear text to Scotland. I'll reply and you'll see
> from your logs that your fancy SSL set up is ignored, and the message is
> accepted by your box in plain text.
>
> Even if the message does (by random chance) happen to travel via an
> encrypted channel, it then sits in clear text on Goatmail, Snotmail,
> Yahtwits or AOL.con's servers for government agencies around the world
> to read - years after it is 'deleted'.
>
> SMTP is resilient, but insecure.
>
> The best that can be done is to have the user PGP encrypt their message
> before sending. To protect the user's authentication credentials on port
> 587 is to use rather weak digest auth.
> e.g:
> 250-AUTH CRAM-MD5
>
> NOT:
> 250-AUTH PLAIN
> 250-AUTH LOGIN
>
> Using SSL for SMTP-submission, IMAP or POP is to deceive users into
> thinking their mail is secure.
> It is a lie.
>
> Otherwise, both ssh to a box & chat locally.
>
> Or use something like SILC:
> http://en.wikipedia.org/wiki/SILC_%28protocol%29

Many thanks for the explanation.

-- 
Isaia Luciano
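Added example, not part of the original thread: a Python sketch that reads a delivered message's Received headers and reports which hops recorded TLS, which is one way to observe the per-hop behaviour described in the quoted reply. The sample message, hostnames and queue ids are constructed, and it assumes each relay records the RFC 3848 "with" keyword (ESMTPS, ESMTPSA, ...) honestly.

```python
import re
from email import message_from_string

# Constructed sample message; hostnames, addresses and queue ids are placeholders.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org (Postfix) with ESMTP id 4ABCD
\tfor <user@example.org>; Tue, 26 Aug 2014 12:30:02 +0200 (CEST)
Received: from relay.example.com (relay.example.com [198.51.100.7])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby mx.example.net (Postfix) with ESMTPS id 3WXYZ
\tfor <user@example.org>; Tue, 26 Aug 2014 12:30:01 +0200 (CEST)
Received: from laptop.example.com (unknown [203.0.113.5])
\tby relay.example.com (Postfix) with ESMTPSA id 2QRST
\tfor <user@example.org>; Tue, 26 Aug 2014 12:30:00 +0200 (CEST)
From: sender@example.com
To: user@example.org
Subject: test

body
"""

# RFC 3848 transmission types: an "S" after the base protocol means the hop
# ran over TLS, a trailing "A" means the client authenticated.
WITH_RE = re.compile(r"\bwith\s+((?:UTF8)?(?:E?SMTP|LMTP)(S?)A?)\b", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)")


def hops(raw):
    """Return (receiving_host, protocol, used_tls) per hop, in travel order."""
    msg = message_from_string(raw)
    out = []
    # Each MTA prepends its header, so the oldest hop is last: reverse them.
    for hdr in reversed(msg.get_all("Received", [])):
        flat = " ".join(hdr.split())  # unfold continuation lines
        by, proto = BY_RE.search(flat), WITH_RE.search(flat)
        out.append((by.group(1) if by else "?",
                    proto.group(1).upper() if proto else "?",
                    bool(proto and proto.group(2))))
    return out


def cleartext_hops(raw):
    """Hosts that accepted the message without recording TLS."""
    return [host for host, _, tls in hops(raw) if not tls]


if __name__ == "__main__":
    for host, proto, tls in hops(SAMPLE):
        print(f"{host:20} {proto:8} {'TLS' if tls else 'no TLS recorded'}")
```

Received headers are written by each receiving relay and earlier ones can be forged or left vague, so a clean report is not proof that every leg was encrypted.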

