[SATLUG] Setting up email server

Brad Knowles brad at shub-internet.org
Thu Sep 13 16:21:00 CDT 2007


On 9/13/07, Samuel Leon wrote:

>  Return-Path: <leon at datanet.ath>
>  Received: from datanet.ath (cpe-72-183-198-134.satx.res.rr.com
>  [72.183.198.134])
>        by mx.google.com with ESMTP id 7si3415973aga.2007.09.12.17.56.25;
>        Wed, 12 Sep 2007 17:56:27 -0700 (PDT)
>  Received-SPF: neutral (google.com: 72.183.198.134 is neither permitted
>  nor denied by best guess record for domain of leon at datanet.ath)
>  client-ip=72.183.198.134;

Somewhere, this machine is getting the name "datanet.ath", which is 
not a valid domain name.  You're going to want to change that to 
something more appropriate.  And you might want to talk to your ISP 
about getting your reverse DNS to point to your preferred domain 
name, once that's all set up.

>  Does the "(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))"
>  mean that the connection was encrypted from my smtp server to the
>  recipient smtp server (encrypted over the internet)?  Or does it just mean
>  that the connection was encrypted from thunderbird to my smtp server then
>  sent in clear there afterwards?  If it is sent unencrypted over the
>  internet, any way to fix that?

There was a TLS encryption at the injection point, presumably from 
Thunderbird, but that's it.


You'd need to set up your mail server to use opportunistic TLSSMTP 
link encryption, if you want to encrypt your outgoing connections to 
those servers who support this function.  However, this causes more 
work for the recipient machines and many sites may not turn on this 
feature, so I'm not sure how much that would get you.

Moreover, some sites advertise TLSSMTP, but they don't implement it 
correctly, so by using this feature with those sites you would end up 
breaking your e-mail to them.  You'd need to have your own manual 
pinklist [0] you keep of various sites that advertise TLSSMTP but 
which do not implement it correctly, so that you could use TLSSMTP 
everywhere else that it's available but not with the sites on your 
pinklist.

Of course, TLSSMTP is just link encryption and doesn't encrypt the 
message itself.  If you want that, you need to configure your client 
to do that.












[0] It's not a whitelist, blacklist, or greylist.  What other color 
name would you choose for this function?

-- 
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
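
An added example, not part of the original message: a Python sketch that reads a message's Received headers and reports, hop by hop, whether the receiving server recorded TLS. The Google hop is the one quoted in the thread; the client-to-server hop, its 192.168.1.10 address and the CONSTRUCTED01 id are assumptions made up for illustration.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mean the hop was protected by STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
# TLS comment some servers add, e.g. "(using TLSv1 with cipher ...)".
TLS_COMMENT = re.compile(r"\((?:using\s+|version=)((?:TLS|SSL)[\w.]*)")
INNERMOST_COMMENT = re.compile(r"\([^()]*\)")

# Sample input: the first Received line is the Google hop quoted in the thread;
# the second (client to datanet.ath) is constructed for illustration.
SAMPLE = """\
Received: from datanet.ath (cpe-72-183-198-134.satx.res.rr.com [72.183.198.134])
        by mx.google.com with ESMTP id 7si3415973aga.2007.09.12.17.56.25;
        Wed, 12 Sep 2007 17:56:27 -0700 (PDT)
Received: from [192.168.1.10] (unknown [192.168.1.10])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        by datanet.ath with ESMTP id CONSTRUCTED01;
        Wed, 12 Sep 2007 19:56:20 -0500 (CDT)
Subject: constructed sample

body
"""

def strip_comments(value):
    # Remove parenthesised comments, innermost first, so nesting is handled.
    previous = None
    while previous != value:
        previous, value = value, INNERMOST_COMMENT.sub(" ", value)
    return value

def hop_report(raw_message):
    """Return one dict per hop, oldest hop first (headers are newest first)."""
    hops = []
    for header in message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(header.split())
        comment = TLS_COMMENT.search(flat)
        bare = strip_comments(flat)  # keeps "with cipher" out of the match below
        fields = {k: re.search(rf"\b{k}\s+(\S+)", bare) for k in ("from", "by", "with")}
        hop = {k: (m.group(1) if m else "?") for k, m in fields.items()}
        hop["tls"] = bool(comment) or hop["with"].upper() in TLS_PROTOCOLS
        hop["version"] = comment.group(1) if comment else None
        hops.append(hop)
    return hops[::-1]

if __name__ == "__main__":
    for hop in hop_report(SAMPLE):
        state = f"TLS ({hop['version'] or hop['with']})" if hop["tls"] else "no TLS recorded"
        print(f"{hop['from']} -> {hop['by']}: {state}")
```

Each Received line is written by the server that accepted the message, so lines below the first server you trust can be forged and only show what that hop claimed.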

