ElForesto n00b
Joined: 26 Feb 2004 Posts: 26 Location: Salt Lake City, UT USA
Posted: Fri Aug 20, 2004 6:06 pm Post subject: End-to-end E-mail encryption
I'll start off with the disclaimer that this is all because of those frustrating HIPAA regulations.
I'd like to be able to have transmission of e-mail from our mail server to other main servers be encrypted without the need to install client software such as PGP. The problem that pops into my mind, of course, is that the receiving server probably doesn't support using SSL.
So the long-shot question becomes... can I set up my mail server to encrypt outgoing e-mail without relying on the receiving server's configuration or client software? I'm sure it's asking the impossible (because that's all users/government can ask of us: the impossible!).
If it can't be done, it can't be done and we'll just live with it.
giblet n00b
Joined: 28 Jan 2004 Posts: 38
Posted: Fri Aug 20, 2004 6:46 pm Post subject:
well, if you want to use some kind of encryption a la PGP, the receiving party WILL need to have a configured client (else how would it know it's encrypted, and how would it know what kind of encryption is used, and hence, how to decrypt it)...
as for SSL being supported on the remote server, it's easy to find out if SSL is supported:
Code:
    $ nc <remotesmtpserver> 465
if it connects, then they do support SSL, so just configure postfix/exim/whatever to use SSL
if it doesn't work, not all is lost, there's a possibility STARTTLS is enabled on the normal smtp port:
Code:
    $ nc <remotesmtpserver> 25
    EHLO my.domain.org
and look for a line reading something like "250-STARTTLS", if you find it, they support TLS, so configure your server to use STARTTLS, and you're set
if they don't allow either, you can try contacting the admin of the remote server, and try to talk him into enabling secure connections :O
just remember that if you use SSL/TLS, the mail will be stored in the remote server unencrypted, so if you really want privacy use something like PGP instead
hope this helps
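Added example, not part of the post above or of the thread: a Python version of the EHLO check that parses the reply for the STARTTLS keyword instead of reading it by eye, so a greeting line that merely mentions the word is not counted. The sample replies are constructed, the function names are made up for this example, and `probe()` needs network access to the server being checked.

```python
import smtplib

# Constructed EHLO replies (sample data, not captured from a real server).
REPLY_WITH_TLS = (
    "250-mail.example.org\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
REPLY_WITHOUT_TLS = (
    "250-mail.example.net\r\n"
    "250-PIPELINING\r\n"
    "250 8BITMIME\r\n"
)


def ehlo_extensions(reply: str) -> dict:
    """Parse a multi-line EHLO reply into {KEYWORD: parameters}."""
    extensions = {}
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for line in lines[1:]:  # the first line is the server's greeting, not an extension
        code, sep, rest = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " ") or not rest:
            continue  # ignore anything that is not a well-formed 250 line
        keyword, _, params = rest.partition(" ")
        extensions[keyword.upper()] = params
    return extensions


def offers_starttls(reply: str) -> bool:
    """True only if STARTTLS is advertised as an extension keyword."""
    return "STARTTLS" in ehlo_extensions(reply)


def probe(host: str, port: int = 25, timeout: float = 10.0) -> bool:
    """Live check: connect, send EHLO, report whether STARTTLS is advertised."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return smtp.has_extn("starttls")


if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:  # e.g. python check_starttls.py <remotesmtpserver>
        print(host, "STARTTLS" if probe(host) else "no STARTTLS")
```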
ElForesto n00b
Joined: 26 Feb 2004 Posts: 26 Location: Salt Lake City, UT USA
Posted: Fri Aug 20, 2004 7:09 pm Post subject:
Maybe I need to resolve some ambiguity here. The mail server we use is here in our office, and it handles all incoming and outgoing e-mail. My concern is in the transmission of e-mail from our SMTP daemon to a foreign POP3/IMAP server being intercepted and read. All of the mail in question makes it to our mail server over the LAN (and thus behind a Netscreen firewall), so setting up SSL for SMTP is not the solution.
Contacting remote admins won't really do it as we would have to contact the ISP of EVERY person we e-mail to have them set it up, and that ain't happening.
Hope that helps clarify what it is I'm looking to do.