Solved

Encryption for e-mail local delivery

Posted on 2016-10-09
1
46 Views
Last Modified: 2016-10-10
Hello!

I understand well what happens when SMTP server, say Postfix contacts remote SMTP server to send or receive mail. The connection could (and should) be encrypted, certain ports must be used and the certificate must be valid and accepted by all parties.
But when it comes to the local e-mail delivery for me it's a grey area. Ok, let's say if we're talking about receiving mail and Postfix already got it from the remote server. Then we have MDA (like Courier) that takes the mail from Postfix and gives it to a MUA (like Thunderbird Mail, for example). I'm talking about one physical machine and one user session. What the purpose of the encryption if it all happens inside and no third party could be present? And if it's the case of the same computer and the same user, then does the validity of the cert play any role for e-mail delivery process from Postfix via Courier to Thunderbird Mail?
0
Comment
Question by:papa kota
1 Comment
 
LVL 37

Accepted Solution

by:
ArneLovius earned 500 total points
ID: 41836763
The delivery of mail over the internet can happen within STARTTLS

the MTA (Postfix/Sendmail/QMAIL) does not encrypt mail in this scenario, the mail is sent in plain text, but the communication between the mail servers that carries the email is encrypted.

After delivery from the remote MTA, the email exists on the server in a plain text form. The email is not "sent" to Courier-IMAP, or the MUA such as Thunderbird, but rather Thunderbird connects to courier (hopefully over IMAPS) which then opens the "mailbox" effectively "proxying" access to the mailbox, again the connection is in plaintext, with the communication encrypted with IMAPS.

IMAP/IMAPS and SMTP/SMTP STARTTLS have a similar relationship to HTTP/HTTPS

If Postfix, Courier-IMAP and Thunderbird are all of the same single user machine connecting over localhost, then the IMAPS certificate is less of an issue as sniffing the traffic across a network is no longer possible, but it still should be used in case somebody is able to run a a packet sniffer on the computer.

If you have a public certificate for SMTP STARTTLS, then I would usually use the same certificate for IMAPS
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Sendmail STARTTLS error 37 134
Weekend adv creator 3 52
Failed to send some messages Negative SMTP reply 550 5.7.1 From address. 7 104
Distribution groups exchange 2013 6 57
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question