On Sun, Jun 1, 2014 at 6:24 PM, Corey Edwards <[email protected]> wrote:

> How many users will you have? Are they technical? If it's just for
> yourself, a self-signed cert may be OK. The first time you set up a client,
> you'll have to accept the cert. Other than that, not usually a problem. If
> you have other, non-techie users then it's nice to have a proper cert.

It will be just me.

> You could block access to the non-TLS ports (port 25, 110, 143). That would
> have the effect. If your server supports it, you could require STARTTLS on
> the standard ports.

I don't know what would support it. I'm not sure if I should try Postfix/Dovecot again, or if I should use another stack.

> Sure, but it depends on your server software. For example in Exim, you can
> write an ACL to require encryption:
>
> acl_check_rcpt:
>   # "encrypted = *" matches any TLS cipher suite; negate it to reject plaintext
>   deny message = TLS encryption required
>        !encrypted = *

Good to know for Exim, I'm undecided on what I should use for the service. I'm open to either.

> Yes. You will not get all your email that way. Not all email servers
> support it. You can get an idea of how the major players are doing at EFF's
> site.
>
> https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what
>
> Corey

That's what I was afraid of. Thanks for the link, I'll be sure to read through it tonight.

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
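
Added example, not part of the original thread: a Python check, run against your own server, that confirms a "require TLS" policy such as the one discussed above is actually enforced. It compares the MAIL/RCPT reply codes before and after STARTTLS. The function names and the `host`, `sender` and `rcpt` parameters are assumptions for illustration; `rcpt` must be a mailbox the server accepts.

```python
import smtplib
import ssl

def verdict(starttls_offered, plain_codes, tls_codes):
    """Classify a probe. *_codes are the (MAIL, RCPT) SMTP reply codes."""
    if not starttls_offered:
        return "no-starttls"
    plain_refused = any(code >= 500 for code in plain_codes)
    tls_accepted = bool(tls_codes) and all(200 <= c < 300 for c in tls_codes)
    if plain_refused and tls_accepted:
        return "tls-required"
    if plain_refused:
        # Refused with and without TLS: relay or recipient policy, not TLS.
        return "inconclusive"
    return "plaintext-accepted"

def _envelope(smtp, sender, rcpt):
    """Send MAIL and RCPT, collect both reply codes, then RSET (no DATA)."""
    mail_code, _ = smtp.docmd("MAIL", f"FROM:<{sender}>")
    rcpt_code, _ = smtp.docmd("RCPT", f"TO:<{rcpt}>")
    smtp.rset()
    return (mail_code, rcpt_code)

def probe(host, sender, rcpt, port=25, context=None, timeout=10):
    """Try the same envelope in plaintext and over STARTTLS on one connection."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        offered = smtp.has_extn("starttls")
        plain = _envelope(smtp, sender, rcpt)
        tls = ()
        if offered:
            # For a self-signed cert, pass ssl.create_default_context(cafile=...)
            smtp.starttls(context=context or ssl.create_default_context())
            smtp.ehlo()
            tls = _envelope(smtp, sender, rcpt)
    return verdict(offered, plain, tls)

if __name__ == "__main__":
    # Constructed reply codes: refusal at MAIL (530), then refusal at RCPT (550).
    print(verdict(True, (530, 503), (250, 250)))
    print(verdict(True, (250, 550), (250, 250)))
```

A server that refuses at MAIL time and one that refuses at RCPT time, as an `acl_check_rcpt` rule does, both report `tls-required`.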
