STARTTLS for outgoing email

[Jim Castleberry]

The zoneedit mail servers offer STARTTLS security for incoming mail but they don't use it for outgoing mail when the receiving server offers it. That means email forwarded for client domains and email from Zoneedit to clients is always transferred insecurely.

Setting up outgoing STARTTLS could be as simple as adding "smtp_tls_security_level=may" to your postfix configuration. Please consider enabling it.

Thanks.

 

[sandy]

Hi there

at present we offer SSL support:

Available ports (TLS optional):25, 465 (SSL), 587, 2025, 2026, 20025, 20026

thanks
sandy

 

[Jim Castleberry]

I don't think you understand... the ports you listed are for incoming connections TO zoneedit servers, and SSL is working fine for that. But for outgoing connections FROM zoneedit to other sites the zoneedit servers are not using SSL. When mail is delivered from zoneedit to me, my server says it supports the SSL/TLS but the zoneedit server doesn't activate it.

To enable SSL/TLS for outgoing mail in postfix 2.3 and newer add "smtp_tls_security_level = may" to the configuration (main.cf) and do "postfix reload". Then your server will use SSL for outgoing mail when the receiver supports it.

 

[sandy]

Hi Jim

can you provide a specific example of an email or 2 you saw this with? Our tier 2 has been looking at the postfix settings and everything relating to use_tls is marked as yes, so it looks like we should be doing that, We'll need to check the logs for details to try and sort out what is going wrong.

thanks
sandy

 

[Jim Castleberry]

I just replicated the problem with a test email but I don't want to post actual email headers in an open forum. I'll open a support case and post it there.

 

[sandy]

sounds good.
I will be on the look out.

Sandy