On 18/07/2024 13:36, Jeff Pang via mailop wrote:
> Can I set up a mail server to accept messages via SSL/TLS only from other MTAs? How do I stop peer MTAs from sending me plaintext mail?

You can certainly do that. But don't be surprised if some other mail servers can't send mail to you.

Why would you want to do this?

Note that you cannot control what happens before the mail gets to you.

So, even if you only accept mail using TLS, then the message may have gone: User -> MSA (no TLS), MSA -> ISP (no TLS), ISP -> content filter service (no TLS), content filter service -> you (TLS). It *probably* won't, but you have no control, so it's perfectly possible for it to have done so.

Also, note that even if TLS is used for all transmission paths, the unencrypted messages are theoretically available to anyone or any software with access to any of the mail servers that the message has passed through.

If you're concerned about message privacy, you need to use end-to-end encryption (e.g. PGP or S/MIME).

Paul
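
An added example, not part of the original message: a Python sketch that reads a message's Received headers and reports which hops claim TLS, using the RFC 3848 "with" keywords. The sample message and all hostnames are constructed to mirror the path described above. Upstream headers are self-reported by each server, so only the top one (written by your own MTA) is trustworthy.

```python
import email
import re

# RFC 3848 / RFC 6531 "with" keywords whose S suffix means the hop used TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

# Constructed message; hostnames and addresses are placeholders. Newest hop is on top.
SAMPLE = """\
Received: from filter.example.net (filter.example.net [192.0.2.30])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 by mx.example.org (Postfix) with ESMTPS id 4AAA
 for <you@example.org>; Thu, 18 Jul 2024 13:30:04 +0000
Received: from isp.example.com ([192.0.2.20])
 by filter.example.net with ESMTP id 3BBB; Thu, 18 Jul 2024 13:30:03 +0000
Received: from msa.example.com ([192.0.2.10])
 by isp.example.com with ESMTP id 2CCC; Thu, 18 Jul 2024 13:30:02 +0000
Received: from laptop ([198.51.100.7])
 by msa.example.com with ESMTPA id 1DDD; Thu, 18 Jul 2024 13:30:01 +0000
From: user@example.com
To: you@example.org
Subject: constructed sample

body
"""

def strip_comments(value):
    """Drop (possibly nested) parenthesised comments, e.g. '(using TLSv1.3 with cipher ...)'."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def hop_report(raw_message):
    """Return [(receiving_host, protocol, tls_claimed)] in the order the mail travelled."""
    msg = email.message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        clean = strip_comments(header).rsplit(";", 1)[0]  # cut the trailing date
        by = re.search(r"\bby\s+(\S+)", clean)
        proto = re.search(r"\bwith\s+(\S+)", clean)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", name, name in TLS_PROTOCOLS))
    return hops

def plaintext_hops(raw_message):
    """Receiving hosts whose own Received header does not claim TLS."""
    return [host for host, _, tls in hop_report(raw_message) if not tls]

if __name__ == "__main__":
    for host, proto, tls in hop_report(SAMPLE):
        print(f"{host:22} {proto:8} {'TLS' if tls else 'no TLS claimed'}")
```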

