Hi all, I want to understand: if I raise and configure 2 VDS servers with email (different domains), Let’s Encrypt certificate, TLS 1.2-1.3, will messages sent from server to server be safe, or should they be encrypted additionally by creating keys? Thanks
You should think about an easy question: How can server A be sure to talk to your server B?
If the server can verify this, then TLS will do it.
(It can when using DANE or a simple certificate pinning on both sides.)
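Added example, not part of the thread: one way to make server A verify server B with DANE or a pinned fingerprint, assuming both servers run Postfix (the thread does not name the mail software). The domain `domain-b.example` and the fingerprint value are placeholders.

```ini
# --- /etc/postfix/main.cf on server A (assumption: Postfix is the MTA) ---

# Opportunistic TLS for all other destinations: traffic is encrypted when the
# peer offers STARTTLS, but the peer certificate is NOT verified, so a forged
# DNS answer or a stripped STARTTLS offer is not detected at this level.
smtp_tls_security_level = may

# Needed for DANE: Postfix must see DNSSEC-validated answers from its resolver.
smtp_dns_support_level = dnssec

# Per-destination overrides that turn encryption into authenticated encryption.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# Digest used when a policy entry pins a certificate or public key.
smtp_tls_fingerprint_digest = sha256

# Log one summary line per TLS session so the achieved level can be audited.
smtp_tls_loglevel = 1

# --- /etc/postfix/tls_policy on server A ---
# Run "postmap /etc/postfix/tls_policy" after editing.

# Option 1, DANE: deliver only if B's MX host has DNSSEC-signed TLSA records
# that match the certificate it presents; otherwise the mail is deferred.
domain-b.example    dane-only

# Option 2, pinning (alternative to option 1): deliver only if the peer
# certificate or public key has exactly this SHA-256 digest.
# domain-b.example    fingerprint match=<SHA256-FINGERPRINT-OF-SERVER-B>
```

Server B needs the mirror-image policy for `domain-a.example`. Because Let’s Encrypt certificates are replaced at every renewal, a pin or TLSA record computed over the certificate has to be updated each time, while one computed over the public key survives renewals only if the key is kept.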
Well, since I understand I will release a certificate on domain A and on domain B, but in general there is something in your thought about interception, as the result is not a guarantee of interception, fakes of the DNS. And therefore, encryption by keys is most reliable. Thank you
You need to understand how the SMTP protocol works and then you will learn that the only way to ensure messages are not read - is to encrypt the message itself using gpg.
Technically yes - the TLS tunnel is encrypting the traffic - it is the same situation with https:// protocol.
But as the messages are stored on the servers in clear text there may be additional steps to be taken - depending on the confidentiality.
These steps could be encrypting the message body using gpg and using encrypted storage on the server side.
You will not be able to encrypt metadata such as size and headers.
Yes, thanks, I’ve already come to that. I searched on the server and couldn’t find where the messages are stored in an open file. If you know, please tell me where to find the message log. Thanks
That depends on the software running on the server - it has been many years since I quit running a mail server.
And it depends on whether it only forwards mail or stores mail for later retrieval (imap or pop3).
As for logs, they are usually stored in /var/log.