On Fri, Jul 07, 2017 at 10:40:47AM -0700,
[email protected] wrote:
> I am starting to setup a Postfix server for our office.
>
> I'm looking at TLS policy.
>
> Reading old posts on the Postfix mailing lists there's lots of
> comments that REQUIRING tls should never be done on an public
> internet-facing server.
>
> But those comments are from 5-7 yrs ago.
>
> Is that still the case?
>
> On a friend's server we just checked 3 months of logs. IIUC
> there's been no non-TLS connections at all in that time:
I use a warn_if_reject reject_plaintext_session restriction at
end-of-DATA, so I have some numbers which might not be relevant to
anyone else, but there are two main classes of plaintext mail
arriving at my site:
1. Legitimate (solicited & confirmed) marketing mail
2. Free software project mailing lists (not this one)
Your numbers (and classes) would vary if you tinker with TLS settings
such that you won't accept "weak" ciphers. (Is a weak cipher weaker
than plaintext?) My cipher settings are all Postfix defaults.
> Second, if there are actually no non-encrypted connections, is
> it time finally to simply require it?
I won't. It's not like TLS in SMTP is going to make a huge
difference for privacy. I suppose big mail services like gmail are
scanning mail content for their own use, and quite likely are
allowing national governments to do the same.
TLS addresses a single, relatively minor security concern, of
protection of data in transit. Yes, that is a good thing, but
remember: you're also trusting the administrators of the other
endpoint.
If you really want to be a privacy advocate, start using GnuPG for
end-to-end email encryption.
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
