Discussion:
[Maia-users] Email security
l***@mtnlion.com
2015-10-19 22:31:30 UTC
Permalink
I know that in general email is insecure. I am pretty sure I know the
answer to this, but to be double safe, I thought I would check in here.
If I send an email to someone else who has an account on my server, and
both of us are using TLS, is the message secure (encrypted) all the way?
I would assume it is since both of us are clients to the Dovecot email
server. Did I get this right?

Thanks,
Bob
Sebastian Tänzer
2015-10-19 22:37:58 UTC
Permalink
If the server is the primary MX for that domain and in general if your Dovecot is handling that domain locally for both users this is correct.

Of course, all usual problems with encryption aside, this is only valid if the setup is clean, i.e. a proper email client with valid certificate checking is used, the CA is valid, no other „fooling around“ is happening on a server between your client and the server.

And of course „eavesdropping“ at your ISP is another possibility if there is a flaw in TLS no one else knows about.

So in general - yes, it’s safe, if the mail does not leave your server and the server is not compromised itself.

Best regards,
Sebastian
_______________________________________________
Maia-users mailing list
http://www.renaissoft.com/cgi-bin/mailman/listinfo/maia-users
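Added example, not part of any post in this thread: a Python check that reads a delivered message's Received headers to test the condition discussed above, namely that every hop was handled by the one server and arrived over TLS or loopback. The host names, addresses and sample headers are constructed, and it assumes the server records RFC 3848 protocol keywords such as ESMTPSA.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords; the S marks a hop that negotiated STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
COMMENT = re.compile(r"\([^()]*\)")
LOOPBACK = re.compile(r"\[(?:127\.0\.0\.1|::1|IPv6:::1)\]")

# Constructed samples; host names, ids and addresses are placeholders.
TLS_NOTE = "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"
LOCAL_TLS = (
    "Received: from mail.example.org (localhost [127.0.0.1])\n"
    "\tby mail.example.org (Dovecot) with LMTP id AAA111;\n"
    "\tMon, 19 Oct 2015 22:40:02 +0000\n"
    "Received: from laptop (unknown [192.0.2.10])\n"
    + TLS_NOTE +
    "\tby mail.example.org (Postfix) with ESMTPSA id AAA110;\n"
    "\tMon, 19 Oct 2015 22:40:01 +0000\n"
    "From: bob@example.org\nTo: alice@example.org\n\nhello\n"
)
# Same message, but submitted without STARTTLS.
PLAIN_HOP = LOCAL_TLS.replace(TLS_NOTE, "").replace("ESMTPSA", "ESMTP")

def audit_hops(raw_message):
    """Return one dict per Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        text = " ".join(value.split())        # unfold continuation lines
        bare = text
        while COMMENT.search(bare):           # drop (comments), nested too,
            bare = COMMENT.sub("", bare)      # so "with cipher" is ignored
        by = re.search(r"\bby\s+([^\s;]+)", bare)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", bare)
        proto = proto.group(1).upper() if proto else None
        hops.append({
            "by": by.group(1) if by else None,
            "protocol": proto,
            "tls": proto in TLS_PROTOCOLS,
            "loopback": bool(LOOPBACK.search(text)),
        })
    return hops

def stayed_protected(raw_message, local_host):
    """True if every hop was received by local_host over TLS or loopback."""
    hops = audit_hops(raw_message)
    return bool(hops) and all(
        h["by"] == local_host and (h["tls"] or h["loopback"]) for h in hops)
```

Received headers cover submission and delivery only; the recipient's IMAP/POP3 download is not recorded there and depends on the server's own TLS settings.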
Janky Jay, III
2015-10-20 01:07:29 UTC
Permalink
Hi Guys,
Post by Sebastian Tänzer
If the server is the primary MX for that domain and in general if
your Dovecot is handling that domain locally for both users this
is correct.
Of course, all usual problems with encryption aside, this is only
valid if the setup is clean, i.e. a proper email client with valid
certificate checking is used, the CA is valid, no other „fooling
around“ is happening on a server between your client and the
server.
And of course „eavesdropping“ at your ISP is another possibility
if there is a flaw in TLS no one else knows about.
So in general - yes, it’s safe, if the mail does not leave your
server and the server is not compromised itself.
+1 to this answer. It is 100% correct. Please keep in mind the very
last bit that Sebastian mentions about the server being compromised
itself. If the mail that is being stored (via SQL, flat file, etc...)
is *NOT* encrypted, then anyone with access to the data can certainly
read it. That would, however, require local access of some sort and
privileges to do so. Otherwise, providing the data does not leave the
local mail server (aside from the encrypted SMTP and IMAP/POP3 for
sending and receiving), it's safe to say the data is safe from
wandering eyes.
Regards,
Janky Jay, III
Bob
2015-10-20 22:38:23 UTC
Permalink
Happily my ISP is a coop that values privacy above all. My servers are
secure and uncompromised. We did have a potential issue with IPMI. Our
national ISP warned about it. Two of my IP addresses that pointed to IPMI
web pages on each of my servers showed up on a list of potential
targets. Thanks to the coop, we created a private network for the NATs
that can access IPMI and now the only possible access is via a tunnel.

I'm glad my local mail is reasonably secure.

Thanks for all the help,
Bob