Transport Layer Security
Transport Layer Security, or TLS (formerly known as SSL), enhances TCP communications by adding encryption for privacy and message integrity. RFC 3207 defines an extension to SMTP known as STARTTLS. Its primary purpose is to provide privacy in peer-to-peer communications. It can also give you assurances that your mail is not being delivered to a rogue system posing as the server you think you're sending mail to. Another useful application is in combination with SASL, to protect plaintext passwords that would otherwise be sent in the clear.
One nice benefit of TLS is that you can obtain the privacy and assurances of reliable server identification without a previous arrangement between systems. Strong authentication is also possible if your users' email clients support it. By using client certificates, which are cryptographically signed identifiers (see sidebar), your mail server can be sure that connecting clients are indeed who they claim to be. You can use client certificates in place of or in conjunction with SASL authentication discussed in Chapter 12. There is administrative overhead in managing client certificates and assisting users in configuring their email clients to use them, while using TLS just to encrypt authentication credentials is fairly easy to set up.
It is important to note, however, that TLS is not meant to protect the contents of email messages. When you encrypt the transmission between a client and server, everything (including the message) is encrypted. However, TLS protects only the transmission between the two systems. After the server receives a message, it is probably stored as plaintext. You can't be sure if the message will be encrypted or not when the server forwards it to the next destination, or when the final recipient downloads the message to read it. Unless you can control and encrypt the path all the way from the originating client to the ultimate recipient of the message, it will most likely pass in the clear at some point on its way to delivery. To achieve end-to-end privacy you need a client solution such as PGP or S/MIME.
Introduction
- Introduction
- Postfix Origins and Philosophy
- Email and the Internet
- The Role of Postfix
- Postfix Security
- Additional Information and How to Obtain Postfix
Prerequisites
Postfix Architecture
- Postfix Architecture
- Postfix Components
- How Messages Enter the Postfix System
- The Postfix Queue
- Mail Delivery
- Tracing a Message Through Postfix
General Configuration and Administration
- General Configuration and Administration
- Starting Postfix the First Time
- Configuration Files
- Important Configuration Considerations
- Administration
- master.cf
- Receiving Limits
- Rewriting Addresses
- chroot
- Documentation
Queue Management
Email and DNS
Local Delivery and POP/IMAP
- Local Delivery and POP/IMAP
- Postfix Delivery Transports
- Message Store Formats
- Local Delivery
- POP and IMAP
- Local Mail Transfer Protocol
Hosting Multiple Domains
- Hosting Multiple Domains
- Shared Domains with System Accounts
- Separate Domains with System Accounts
- Separate Domains with Virtual Accounts
- Separate Message Store
- Delivery to Commands
Mail Relaying
- Mail Relaying
- Backup MX
- Transport Maps
- Inbound Mail Gateway
- Outbound Mail Relay
- UUCP, Fax, and Other Deliveries
Mailing Lists
Blocking Unsolicited Bulk Email
- Blocking Unsolicited Bulk Email
- The Nature of Spam
- The Problem of Spam
- Open Relays
- Spam Detection
- Anti-Spam Actions
- Postfix Configuration
- Client-Detection Rules
- Strict Syntax Parameters
- Content-Checking
- Customized Restriction Classes
- Postfix Anti-Spam Example
SASL Authentication
- SASL Authentication
- SASL Overview
- Postfix and SASL
- Configuring Postfix for SASL
- Testing Your Authentication Configuration
- SMTP Client Authentication
Transport Layer Security
Content Filtering
External Databases
Appendix A. Configuration Parameters
Appendix B. Postfix Commands
Appendix C. Compiling and Installing Postfix
- Appendix C. Compiling and Installing Postfix
- C.1. Obtaining Postfix
- C.2. Postfix Compiling Primer
- C.3. Building Postfix
- C.4. Installation
- C.5. Compiling Add-on Packages
- C.6. Common Problems
- C.7. Wrapping Things Up
Appendix D. Frequently Asked Questions
EAN: 2147483647
Pages: 130
