Enforce email mandatory TLS on outgoing emails

It's for the MTA (message transfer agent) (server to server) traffic on port 25.

1 Like

Postfix discourages it. Quote from Postfix Configuration Parameters:

smtp_tls_security_level
encrypt
This security level is not an appropriate default for systems delivering mail to the Internet.

I haven’t found any security blogs / advice setting postfix

smtp_tls_security_level=encrypt

on search engines. Whonix.org would be the first one to do this.

There are two cases:

  • A) third-party servers that receive e-mails to whonix.org that harden their security
  • B) those that don’t.

In case of A), outgoing e-mail TLS encryption is already enforced through MTA-STS or DANE.
In case of B), well, if the servers that receive e-mails from whonix.org don’t care about MTA-STS or DANE we might be able to force them to use TLS by switching that setting.

E-mail security generally is awful anyhow. A supported stronger patch so to speak is OpenPGP - Kicksecure.

Note:

  • This is only about the whonix.org server for sending e-mails to users, probably for forums/wiki account/notifications.
  • This isn’t about the Whonix software.
  • Whonix is not and does not aspire to become an e-mail service that offers services to users.
  • Sending e-mail from whonix.org is only a very auxiliary project activity that I’ve assigned a very low priority given all other development work.
  • Private Communications Policy

For sending e-mails, compatibility is more important than transport layer security because incoming e-mails might have legal importance (when replying to a legal request that is hopefully never coming). Also users attempting to sign-up using some new temporary / throw-away / passwordless / no sign-up required e-mail service might not receive their sign-up e-mail and not even receive a notification why that is happening. Also this issue would be difficult to debug, only by keeping e-mail logs and investigating these if a user manages to report the issue using a functional e-mail address somehow.

For these reasons, I won’t implement this.


Related:

I think this has better reasonable cause to keep the encryption “may”, especially when forums/wiki… registrations are included.

(Although it's very bizarre nowadays to have someone using an old and insecure email server setup on his machine)

1 Like
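
The trade-off discussed in this thread can be measured before changing anything. The following is an added example, not code from any poster or from Postfix: it reads Postfix smtp client logs and lists the recipient domains whose mail was delivered without TLS, which are the ones that would stop receiving mail under smtp_tls_security_level=encrypt. It assumes smtp_tls_loglevel = 1 so handshakes are logged; the log lines, hostnames and function names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log (assumes smtp_tls_loglevel = 1 on the sending server).
SAMPLE_LOG = """\
Jan 10 10:00:01 mail postfix/smtp[2101]: Trusted TLS connection established to mx.example.org[192.0.2.10]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Jan 10 10:00:02 mail postfix/smtp[2101]: 4A1B2C3D4E: to=<alice@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jan 10 10:00:03 mail postfix/smtp[2101]: 4A1B2C3D5F: to=<carol@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=0.3, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jan 10 10:05:11 mail postfix/smtp[2107]: 5B2C3D4E5F: to=<bob@legacy.example>, relay=mail.legacy.example[198.51.100.7]:25, delay=0.9, dsn=2.0.0, status=sent (250 OK)
Jan 10 10:06:40 mail postfix/smtp[2109]: Untrusted TLS connection established to mx.example.net[203.0.113.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 10:06:41 mail postfix/smtp[2109]: 6C3D4E5F6A: to=<dave@example.net>, relay=mx.example.net[203.0.113.5]:25, delay=1.0, dsn=2.0.0, status=sent (250 Ok)
Jan 10 10:09:00 mail postfix/smtp[2101]: 7D4E5F6A7B: to=<erin@legacy.example>, relay=mail.legacy.example[198.51.100.7]:25, delay=0.8, dsn=2.0.0, status=sent (250 OK)
"""

# "<level> TLS connection established to host[ip]:port:" logged by the smtp client.
TLS_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: \w+ TLS connection established to ([^\[\s]+\[[^\]]+\]:\d+):")
# Successful delivery line: recipient domain and the relay that accepted the message.
SENT_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: [0-9A-Za-z]+: to=<[^@>]+@([^>]+)>, relay=([^,]+),.*status=sent")

def tls_summary(log_text):
    """Count TLS vs plaintext deliveries per recipient domain."""
    tls_relay = {}  # smtp process id -> relay of its most recent TLS handshake
    stats = defaultdict(lambda: {"tls": 0, "plaintext": 0})
    for line in log_text.splitlines():
        m = TLS_RE.search(line)
        if m:
            tls_relay[m.group(1)] = m.group(2)
            continue
        m = SENT_RE.search(line)
        if m:
            pid, domain, relay = m.groups()
            # Assumption: a delivery is encrypted if the same process logged a
            # handshake with the same relay (this also covers a reused connection).
            kind = "tls" if tls_relay.get(pid) == relay else "plaintext"
            stats[domain.lower()][kind] += 1
    return dict(stats)

def would_break_under_encrypt(log_text):
    """Domains with at least one plaintext delivery in the log."""
    return sorted(d for d, s in tls_summary(log_text).items() if s["plaintext"])

if __name__ == "__main__":
    for domain in would_break_under_encrypt(SAMPLE_LOG):
        print("plaintext delivery seen for:", domain)
```

An empty result over a representative period of real logs suggests the compatibility cost of "encrypt" is low for the current recipients; it says nothing about future sign-ups from servers not yet seen.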