Tools for checking TLS support and email servers exist and should be used to validate that your mail system can use TLS:
https://www.checktls.com
https://ssl-tools.net/mailservers/
ssl-tools is the better of the two, with reports on errors and weak systems. Take this MX host
You can use openssl and starttls for testing mail servers, e.g.:
openssl s_client -connect yourmailhost.mydomain.com:25 -starttls smtp -ssl3
Why do we care about TLS within our email systems?
We need to ensure we use encryption during transport and that we are not exposed or vulnerable.
For various compliance requirements we want to protect data sent between two parties. By using and enforcing TLS per rcpt domain we can ensure we at least protect mail in transit. IBE (identity-based encryption) is better, and just encrypting the mail data as an attachment is even better.
Many pros and cons exist for mail security, and the management of these methods could require more support and add complexity.
At minimum we should support TLS for SMTP connections and ensure we are running TLS v1.0 or better and with a strong cipher.
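One way to script that minimum check, as an added example that is not part of the original post: it performs STARTTLS against a mail host and flags a negotiated protocol below the floor or a weak cipher. The helper names assess() and probe(), the weak-cipher marker list and the sample results are assumptions made for this example.

```python
import smtplib
import ssl
import sys

# Assumptions added for this example (not from the post): the weak-cipher
# markers below and the helper names assess() and probe().
WEAK_MARKERS = ("NULL", "EXP", "RC4", "DES", "MD5", "ANON", "ADH", "AECDH")
RANK = {"SSLv2": 0, "SSLv3": 1, "TLSv1": 2, "TLSv1.1": 3, "TLSv1.2": 4, "TLSv1.3": 5}

def assess(protocol, cipher, minimum="TLSv1"):
    """Return findings for a negotiated protocol/cipher; an empty list passes."""
    if protocol is None:
        return ["STARTTLS not offered or no TLS session"]
    findings = []
    if RANK.get(protocol, -1) < RANK[minimum]:
        findings.append(f"protocol {protocol} is below {minimum}")
    hits = [m for m in WEAK_MARKERS if m in cipher.upper()]
    if hits:
        findings.append(f"weak cipher {cipher} ({', '.join(hits)})")
    return findings

def probe(host, port=25, timeout=10):
    """EHLO + STARTTLS, then return (protocol, cipher) as negotiated, or (None, None)."""
    ctx = ssl.create_default_context()
    # Certificate checks are off on purpose: this reports the transport
    # parameters only and does not authenticate the server.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return None, None
        smtp.starttls(context=ctx)
        return smtp.sock.version(), smtp.sock.cipher()[0]

# Constructed sample results, so the policy check can be run offline.
SAMPLES = [("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"),
           ("SSLv3", "RC4-MD5"),
           ("TLSv1", "DES-CBC3-SHA")]

if __name__ == "__main__":
    results = [probe(h) for h in sys.argv[1:]] or SAMPLES
    for protocol, cipher in results:
        print(protocol, cipher, assess(protocol, cipher) or "ok")
```

Python's default context may refuse older protocol versions itself, in which case probe() raises a handshake error instead of returning them.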
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \