On Wed, Sep 10, 2014 at 10:38:49AM -0700, Quanah Gibson-Mount wrote:
> Interestingly enough, there does seem to be a number of hosts using TLS when
> communicating with smtpd, including sites such as google, cloud9, yahoo,
> hotmail, dropbox, linkedin, etc. We have 2,253 (non unique domain)
> connections so far today using TLS over smtpd (vs 13,599 not using TLS). So
> approximately 14% of all connections to our smtpd are using TLS now. Hard to
> exactly extract how significant that is, since it'll depend on traffic
> patterns, but it overall does indicate to me that securing the smtpd layer
> is of importance to a number of organizations.
Google reports 57% of inbound email encrypted via TLS.
https://www.google.com/transparencyreport/saferemail/
so indeed STARTTLS is lately much more common. The question at
hand is however whether domain-specific certificates at a single
TCP endpoint are something Postfix should support.
  * Presumably because enough SMTP clients actually verify
    CA-issued certificates.
  * And the various hosted domains don't all use the same MX
    host name (possibly with a prefix for matching a wildcard
    cert):

        $ dig +short -t mx nist.gov
        0 nist-gov.mail.protection.outlook.com.
        $ dig +short -t mx microsoft.com
        10 microsoft-com.mail.protection.outlook.com.

  * And (crucially) SMTP clients signal SNI information that
    would allow the SMTP server to offer "the right" certificate.
    - Which also assumes that other SMTP servers don't choke on SNI
      requests when they don't have an exactly matching certificate.
  * And (with great difficulty) it is practical to obtain certificates
    for domains belonging to the clients, most likely via the
    clients obtaining these and them sharing the keys with the
    provider.
While the above might be seen as an attempt to dissuade you from
looking into this further, the goal is to get past any magical
"wouldn't it be nice if" thinking and find out whether people really
understand what it is they're asking for, and whether they still
want it after they understand what it is they might get.
Opportunistic TLS with no authentication works just fine with
just a self-signed certificate, bearing no name in particular.
--
Viktor.
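Added example, not part of Viktor's message or of Postfix: a small probe that does EHLO and STARTTLS against an MX host while sending a chosen SNI name, then reports whether the offered certificate's names cover that SNI name or the MX host name (wildcard matching of the "prefix" kind mentioned above included). The MX host and SNI values in the main guard are assumptions for illustration.

```python
# Added example (not from the message or Postfix): probe which certificate an MX
# offers for a given SNI name and whether its DNS names cover that name.
import socket
import ssl

def name_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive DNS name match; a leading '*' label matches exactly one label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]

def cert_names(cert: dict) -> list:
    """DNS names the certificate claims: SAN dNSNames, else the subject CN."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names

def covered(cert: dict, hostname: str) -> bool:
    return any(name_matches(n, hostname) for n in cert_names(cert))

def _expect(rfile, code: str, what: str) -> None:
    """Read one (possibly multi-line) SMTP reply and require the given 3-digit code."""
    while True:
        line = rfile.readline().decode("ascii", "replace")
        if len(line) < 4 or line[3] != "-":
            if line[:3] != code:
                raise RuntimeError(f"{what}: got {line.strip()!r}")
            return

def probe(mx_host: str, sni_name: str, port: int = 25, timeout: float = 10.0) -> dict:
    """EHLO, STARTTLS with the given SNI, then report the offered certificate.
    CA verification stays on (an untrusted cert raises SSLCertVerificationError);
    only the hostname check is done by hand so a name mismatch is reported, not fatal."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # name coverage is reported via covered() below
    with socket.create_connection((mx_host, port), timeout=timeout) as sock:
        rfile = sock.makefile("rb")
        _expect(rfile, "220", "no SMTP greeting")
        sock.sendall(b"EHLO probe.invalid\r\n")
        _expect(rfile, "250", "EHLO rejected")
        sock.sendall(b"STARTTLS\r\n")
        _expect(rfile, "220", "STARTTLS not accepted")
        with ctx.wrap_socket(sock, server_hostname=sni_name) as tls:
            cert = tls.getpeercert()
    return {"names": cert_names(cert), "sni_covered": covered(cert, sni_name),
            "mx_covered": covered(cert, mx_host)}

if __name__ == "__main__":  # assumed values: MX host from the dig output above, hosted domain as SNI
    print(probe("nist-gov.mail.protection.outlook.com", "nist.gov"))
```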