[Cialug] TLS in Postfix
Nicolai
nicolai-cialug at chocolatine.org
Sun Nov 17 13:14:36 CST 2013
On Sun, Nov 17, 2013 at 12:48:28PM -0600, David Champion wrote:
> TLS in your MTA is OK, I can tell you from experience that it's a pain to
> actually require TLS.
Yep, requiring TLS is a non-starter for publicly-facing deployments.
> Most people (I assume this is what you've done) only have it set to accept
> TLS connections when available, but will fall back to plain text when it's
> not available.
Yes, that's how it's configured, and it's verified to work correctly.
Maybe it would be cool to compile some statistics in a few weeks
after the server has seen more traffic.
> Because of this, TLS isn't really a viable alternative to email encryption.
Right.
Long term, we either need
1) a totally new email protocol with built-in E2E encryption, or
2) GnuPG built in to all mail clients, including webmail.
#1 is far more likely to happen.
Nicolai