Mail Server Setup

Corey Edwards tensai at zmonkey.org
Sun Jun 1 18:24:29 MDT 2014


On Sun, Jun 1, 2014 at 5:48 PM, Brian J. Rogers <captbrogers at gmail.com>
wrote:

> Are there benefits to getting an SSL certificate for it rather than just
> using a self-signed one?


How many users will you have? Are they technical? If it's just for
yourself, a self-signed cert may be OK. The first time you set up a client,
you'll have to accept the cert. Other than that, not usually a problem. If
you have other, non-techie users then it's nice to have a proper cert.


> Would I be able to force the server to never make
> a connection with a client (phone/desktop) without SSL/TLS encryption?


You could block access to the non-TLS ports (port 25, 110, 143). That would
have the effect. If your server supports it, you could require STARTTLS on
the standard ports.


> Is there a way to require an SSL/TLS connection from other mail servers
> before accepting mail?


Sure, but it depends on your server software. For example in Exim, you can
write an ACL to require encryption:

acl_check_rcpt:
    # refuse the recipient unless the SMTP session is encrypted
    deny message = TLS encryption required
         !encrypted = *


> If there is, does that present problems with any server
> that doesn't support that feature?

Yes. You will not get all your email that way. Not all email servers
support it. You can get an idea of how the major players are doing at EFF's
site.

https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what

Corey
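
Before turning on an ACL like the one above, the existing Exim main log can show which sending hosts would be turned away. The script below is an added example, not part of the original message: it counts inbound arrivals with and without TLS per host. The log lines are constructed, and it assumes Exim is logging the TLS cipher (the X= field) on arrival lines.

```python
import re
from collections import Counter

# Constructed sample in Exim main-log format (hosts, IDs and addresses are made up).
SAMPLE_LOG = """\
2014-06-01 18:01:02 1WrAAA-0001aa-01 <= alice@example.org H=mx1.example.org [192.0.2.10] P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 S=2211
2014-06-01 18:02:10 1WrAAB-0001ab-02 <= bob@example.net H=old.example.net [198.51.100.7] P=esmtp S=1820
2014-06-01 18:02:11 1WrAAB-0001ab-02 => me <me@example.com> R=local_user T=maildir
2014-06-01 18:05:44 1WrAAC-0001ac-03 <= news@example.net H=old.example.net [198.51.100.7] P=smtp S=9400
2014-06-01 18:09:30 1WrAAD-0001ad-04 <= root@example.com U=root P=local S=512
2014-06-01 18:12:00 1WrAAE-0001ae-05 <= carol@example.org H=(laptop) [203.0.113.5] P=esmtpsa X=TLSv1.2:AES128-SHA:128 A=plain:carol S=700
"""

# "<=" marks a message arrival; "=>" lines are deliveries and are skipped.
ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= (?P<sender>\S+) (?P<rest>.*)$")
# Log fields look like H=host, P=protocol, X=cipher suite.
FIELD = re.compile(r"(?<!\S)([A-Z]+)=(\S+)")


def tls_summary(log_text):
    """Return {sending host: Counter(tls=n, plain=n)} for arrivals over SMTP."""
    summary = {}
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue
        fields = dict(FIELD.findall(m.group("rest")))
        if fields.get("P") == "local" or "H" not in fields:
            continue  # submitted on the box itself, never crossed the network
        kind = "tls" if "X" in fields else "plain"  # X= is only logged for TLS sessions
        summary.setdefault(fields["H"], Counter())[kind] += 1
    return summary


def would_reject(log_text):
    """Hosts that delivered at least one message without TLS, with the count."""
    return {h: c["plain"] for h, c in tls_summary(log_text).items() if c["plain"]}


if __name__ == "__main__":
    for host, n in sorted(would_reject(SAMPLE_LOG).items()):
        print(f"{host}: {n} message(s) arrived unencrypted")
```
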

