Its for the MTA (message transfer agent) (server to server) traffic on port 25.
postfix discourages it. Quote Postfix Configuration Parameters
smtp_tls_security_level
encrypt
This security level is not an appropriate default for systems delivering mail to the Internet.
I haven’t found any security blogs / advice setting postfix
smtp_tls_security_level=encrypt
on search engines. Whonix.org would be the first one to do this.
There are two cases:
- A) third-party servers that receive e-mails to whonix.org that harden their security
- B) those that don’t.
In case of A), outgoing e-mail TLS encryption is already enforced through MTA-STS or DANE.
In case of B), well, if the servers that receive e-mails from whonix.org don’t care about MTA-STS or DANE we might be able to force them to use TLS by switching that setting.
E-mail security generally is awful anyhow. A supported stronger patch so to speak is OpenPGP - Kicksecure.
Note:
- This is only about the whonix.org server for sending e-mails to users, probably for forums/wiki account/notifications.
- This isn’t about the Whonix software.
- Whonix is not and does not aspire to become an e-mail service that offers services to users.
- Sending e-mail from whonix.org is only a very auxiliary project activity that I’ve assigned a very low priority given all other development work.
- Private Communications Policy
For sending e-mails, compatibility is more important than transport layer security because incoming e-mails might have legal importance (when replying to a legal request that is hopefully never coming). Also users attempting to sign-up using some new temporary / throw-away / passwordless / no sign-up required e-mail service might not receive their sign-up e-mail and not even receive a notification why that is happening. Also this issue would be difficult to debug, only by keeping e-mail logs and investigating these if a user manages to report the issue using a functional e-mail address somehow.
For these reasons, I won’t implement this.
Related:
I think this has better reasonable cause to keep the encryption “may” specially when forums/wiki… registrations included.
(Although its very bizarre nowadays to have someone using old and insecure email server setup on his machine)