[Kolab-devel] Fwd: Re: Add additional tls settings for postfix client side

Richard Bos radoeka at xs4all.nl
Tue Feb 14 22:22:58 CET 2006 

Please Keep Sandy on the Cc, that prevents me from relaying the discussing, 
thanks.

Subject: Re: [martin.konold at erfrakon.de: Re: [Kolab-devel] Add additional tls 
settings for postfix client side]
Date: dinsdag 14 februari 2006 18:58
From: Sandy Drobic

radoeka wrote:
> Sandy,
>
> FYI as seem are not on the CC of this one either.
>
>
> Am Donnerstag, 9. Februar 2006 22:58 schrieb Richard Bos: Hi Richard,
>
>>> smtp_use_tls = yes
>>>
>>>
>>> Otherwise you will be able to receive with a TLS encrypted connection but
>>> send without encryption.
>>>
>>>
>>> Should the additional tls settings for postfix client side be added to
>>> the main.cf template file?
>
> I don't get your point.
>
> We use TLS not to protect the contents of the mails but in order to protect
> the credentials used for authentification of the clients with the smtpd
> server.

That is one valid reason for using TLS. It is not the only valid reason
for using TLS.

> "smtp_use_tls = yes" protects the connection to another smtp server.
> Typically this is some server on the internet. If you require
> authentification the "smtp_use_tls = yes" makes sense but beware that
>
> firstly enabling authentification for external relay hosts needs manual
> configuration anyway with the current Kolab and

TLS does not necessarily need authentication. It is used primarily to set
up an encrypted channel to transmit smtp data. The question is rather is
the data in the mail not at least as important as the authentication data?

> secondly enabling "smtp_use_tls = yes" needs proper testing with all hosts
> in question because some SMTP servers offer STARTTLS even if it is not
> configured.

The same goes for esmtp, pipelining and 8bitmime. You will without doubt
find some broken systems though I haven't seen too many. If neccessary you
can always configure for broken sites to discard the non-functioning
extensions.

> Last but not least "smtp_use_tls = yes" is only opportunistic and means use
> TLS is it is offered by the other host but fall back to non TLS otherwise.
> (False feeling of security)

I rather think of it as a bit added security for little effort. So why NOT
take it? smtp TLS is not meant as a cure-all, it's only another part of
the security.

At the moment the reality is that either one is using encrypted mails with
  a few selected partners or not using any encryption at all.

> IMHO emails are better protected using per mail encryption like gpg and in
> the case of only internal server under your control use some VPN technology
> like IPSec or OpenVPN.

smtp TLS is not primarily meant for internal traffic but for traffic to
smtp servers of third parties that you do not control.

> At erfrakon we simply use ssh port forwarding between your Kolab hosts.

If you control both sides I am calling it "internal traffic" and you can
set up any number of mandantory encryted channels using ssh, vpn or
mandantory TLS, whatever.

What do you do with traffic from your Kolab servers to outside servers on
the internet? If you do not use TLS, do you truly think you are more safe?
The casual user doesn't know or care about TLS/PGP either way, so I don't
think it's a case of "false security".

In short: if encryption is necessary you make it mandantory, if it's nice
to have but you can't enforce it you take it when it is offered but you
don't rely on it.

Sandy

-------------------------------------------------------

-- 
Richard Bos
Without a home the journey is endless

More information about the devel mailing list