Ben Mills wrote:
> TLS is SSL.
Sorta kinda. ;) They're both encrypted connections, but they're just a tad
different in the way they're initiated. In simple terms, with SSL a
dedicated port is used strictly for encrypted communications, and all
traffic on the port is encrypted. With TLS, a 'normal' port can be used,
because a session begins unencrypted, each end negotiates an encrypted
session (STARTTLS), and communication continues encrypted from that point
on. At least that's my understanding.
> By default your toaster should attempt attempt an encrypted
> connection every time it connects to a foreign host.
That's good to know. I'd like to verify this some time. It'd be nice if
there was a log message for encrypted smtp connections so it'd be easy to
tell what's encrypted and what isn't.
> To go further, you
> may wish to use SSL between your server and its clients.
This is highly recommended, as otherwise the user's passwords are sent in
the clear.
> POP3 SSL (port
> 995) is ready to go with the default build of toaster.
Works nicely. TLS does not work with pop3 at this time, but hopefully will
in the future.
> But you need to
> build a port 465 (smtp SSL) daemon, but its neither a daunting nor
> difficult task.
This is not recommended. smtps port 465 (smtp over SSL) is deprecated, and
should only be used if absolutely necessary (a client cannot support TLS).
Use TLS instead.
> A signed ssl certificate is pretty much required,
> otherwise the client software will have a fit.
It's definitely simplest to have a certificate signed by a registered CA.
It's possible to self-sign a certificate for private use, but that's a
little beyond our scope here.
> Anybody, correct me if I'm wrong. But that's about all there is to it.
As a geometry professor of mine once said, "if you understand it it's
trivial, if you don't it's not". ;)
> Ben
>
> Dan Herbon wrote:
>> Hello,
>>
>>
>>
>> My company wants to establish Encrypted email for sensitive emails. I
>> found a company in which several banks use that offer Email
>> Encryption. I spoke with their tech guys and they said basically I
>> relay all email that leaves the server through their servers via “TLS
>> Encryption.” Has anyone out there in the toaster land had to do
>> anything like this with their toaster server? Please let me know if
>> you have any information. A lot of documents out there on TLS are a
>> little confusing.
>>
--
-Eric 'shubes'
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]