On Wed, Sep 10, 2014 at 10:38:49AM -0700, Quanah Gibson-Mount wrote:

> Interestingly enough, there does seem to be a number of hosts using TLS when
> communicating with smtpd, including sites such as google, cloud9, yahoo,
> hotmail, dropbox, linkedin, etc. We have 2,253 (non unique domain)
> connections so far today using TLS over smtpd (vs 13,599 not using TLS). So
> approximately 14% of all connections to our smtpd are using TLS now. Hard to
> exactly extract how significant that is, since it'll depend on traffic
> patterns, but it overall does indicate to me that securing the smtpd layer
> is of importance to a number of organizations.
Google reports 57% of inbound email encrypted via TLS.

    https://www.google.com/transparencyreport/saferemail/

so indeed STARTTLS is lately much more common. The question at hand is
however whether domain-specific certificates at a single TCP endpoint are
something Postfix should support.

* Presumably because enough SMTP clients actually verify CA-issued
  certificates.

* And the various hosted domains don't all use the same MX host name
  (possibly with a prefix for matching a wildcard cert):

    $ dig +short -t mx nist.gov
    0 nist-gov.mail.protection.outlook.com.
    $ dig +short -t mx microsoft.com
    10 microsoft-com.mail.protection.outlook.com.

* And (crucially) SMTP clients signal SNI information that would allow the
  SMTP server to offer "the right" certificate.

  - Which also assumes that other SMTP servers don't choke on SNI requests
    when they don't have an exactly matching certificate.

* And (with great difficulty) it is practical to obtain certificates for
  domains belonging to the clients, most likely via the clients obtaining
  these and them sharing the keys with the provider.

While the above might be seen as an attempt to dissuade you from looking
into this further, the goal is to get past any magical "wouldn't it be nice
if" thinking and find out whether people really understand what it is
they're asking for, and whether they still want it after they understand
what it is they might get.

Opportunistic TLS with no authentication works just fine with just a
self-signed certificate, bearing no name in particular.

-- 
	Viktor.
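The second bullet above hinges on how certificate names are matched against MX host names: a hosting provider whose customers' MX records all point under one suffix can cover them with a single wildcard certificate and needs no SNI at all, while customers with MX names in their own domains cannot be covered that way. The following is an added example, not code from the thread or from Postfix, implementing the RFC 6125 wildcard rules (wildcard only as the whole leftmost label, matching exactly one label) and applying them to the two MX names shown above plus a constructed per-customer MX name. The certificate name `*.mail.protection.outlook.com` and the host `mx.example.org` are assumptions chosen for illustration.

```python
"""Added example (not part of the original mailing-list thread): RFC 6125-style
DNS name matching, used to show which MX host names one wildcard certificate
covers and which would need their own (domain-specific) certificate."""

from typing import Dict, Iterable


def cert_name_matches(cert_name: str, host: str) -> bool:
    """Return True if a DNS name from a certificate (CN or SAN) covers host.

    Rules applied (RFC 6125, section 6.4.3, as commonly enforced by clients):
      * comparison is case-insensitive and ignores a trailing dot;
      * the label count must be identical, so "*" never spans a dot;
      * a wildcard is accepted only as the entire leftmost label
        (no partial forms such as "mail*" or "m*x");
      * wildcards in a public-suffix-like position ("*.com") are refused.
    """
    c_labels = cert_name.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(c_labels) != len(h_labels) or "" in c_labels or "" in h_labels:
        return False
    if c_labels[0] == "*":
        # Refuse "*.tld": a wildcard must sit below at least two labels.
        if len(c_labels) < 3:
            return False
        return c_labels[1:] == h_labels[1:]
    # Any other use of "*" (partial wildcard, non-leftmost label) is rejected
    # by requiring an exact label-by-label match here.
    return c_labels == h_labels


def hosts_covered(cert_names: Iterable[str], mx_hosts: Iterable[str]) -> Dict[str, bool]:
    """For each MX host, report whether any name in the certificate covers it."""
    names = list(cert_names)
    return {h: any(cert_name_matches(n, h) for n in names) for h in mx_hosts}


def hosts_needing_own_cert(cert_names: Iterable[str], mx_hosts: Iterable[str]) -> list:
    """MX hosts that the provider's certificate does not cover; these are the
    ones for which per-domain certificates (and hence SNI) would be required."""
    return sorted(h for h, ok in hosts_covered(cert_names, mx_hosts).items() if not ok)


# Constructed sample data: the provider's single wildcard certificate (assumed
# name) and three MX hosts, two taken from the dig output in the thread and
# one constructed customer-owned MX name.
PROVIDER_CERT_NAMES = ["*.mail.protection.outlook.com"]
SAMPLE_MX_HOSTS = [
    "nist-gov.mail.protection.outlook.com.",
    "microsoft-com.mail.protection.outlook.com.",
    "mx.example.org",
]

if __name__ == "__main__":
    for host, ok in hosts_covered(PROVIDER_CERT_NAMES, SAMPLE_MX_HOSTS).items():
        print(f"{host:45s} covered={ok}")
    print("need own certificate:", hosts_needing_own_cert(PROVIDER_CERT_NAMES, SAMPLE_MX_HOSTS))
```

Running it shows the two outlook.com MX names covered by the one wildcard name and `mx.example.org` left uncovered, which is exactly the case where a single TCP endpoint would have to pick a certificate per SNI name. The deliberately strict wildcard handling (one label only, no partial wildcards, no `*.tld`) mirrors what verifying SMTP clients enforce, so a provider cannot paper over customer-owned MX names with a broader wildcard.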