Domain: homeport.org
Stories and comments across the archive that link to homeport.org.
Comments · 9
-
Re:Time for a new protocol
STARTTLS is your friend. http://www.homeport.org/~adam/starttls.html
-
MX and StartTLS, was Re:This is Why...
You better re-examine your idea of security here. For starters, your ISP that you connect your server to can easily store both sides of a conversation...it has to pass through their server *both ways* for you to communicate.
Well, no.
If you truly run your own mail server, with MX records rather than using your ISP's POP box as a store-and-forward, then it isn't going through their server. Technically
;>. The only real difference this makes is that your communications clearly fall under the Pen Register rules rather than the Wiretap rules when the authorities try to legally obtain info about your communications.It does still go through their network. But that's a (slightly) different matter. Yes, they can still sniff the traffic both ways. This is where StartTLS comes in. If your mail server offers StartTLS, and the remote mail server is willing to try it, then everything except the EHLO of the SMTP transaction is encrypted just as HTTPS web pages are.
You can easily set up most mail servers to run "Opportunistic" StartTLS. That is to say, "Offer it, and take advantage if someone else offers it, but don't require it." For the purposes of encryption, it doesn't matter that most people will use self-signed certificates. (Yes, that kills authentication.)
You can also require StartTLS, but that would impact your ability to send and receive mail to sites not configured to do StartTLS. (But for the paranoid, it bears mentioning.)
Google quickly found a few sites for various mail transfer agent configurations:
In short... my mail server secures mail with anyone else who cares to do so. If you are enough to run your own server, consider caring enough to offer and take advantage of StartTLS encryption.
N.B. - If self-signed certs are a pain (and they are), look into CAcert.
-
Re:All too brief...
Sounds like you're talking about RSA's SecurID products.
These things are expensive to purchase and deploy. Who's gonna foot that bill? Just the users who can't get the hang of responsible computing....or all of us?
Besides, SecureID does have its flaws...no panacea here. -
By making me less trustful of my own government.
I used to be apathetic about government and politics. Uniniterested in 'what those wanks in Washington were doing'. The first inkling of a problem was the CDA (Communications Decency Act), which was scary, but okay, some bad legistlation is bound to happen.
Then Bush and his cronies moved in, and anything even approaching preservation of civil liberties, the Constitution, or... okay, lets be honest, our dignity... went totally out the window in pursuit of idealism and Empire building.
I'm ashamed that the coutnry I live in could put a man like George Bush in power, could support a congress that would ratify such onerous legislation as the Patriot Act, and, what's worse, even consider re-electing this man. (As I type this, the US elections are still undecided).
More commentary on my blog, I'm done ranting here. :) -
Single worst day was only 67?
Single worst spam day by number of messages: August 22, 2002. 67 pieces of spam. The vertical blue line.
This guy needs to get out more. I set up monitoring of all my spam and total message traffic for the last couple years. My current average is around 350-450 spams per day. Check out the spam report I run every night.
Virii? That's a different report. I seperate my virii out of the entire mail feed for the 3-4 domains I run (yay amavisd and postfix). The virii report is a lot more variable, with as many as 1600 viruses a day, and as few as 10, though that's pretty rare.
Spam filtering here is done via amavisd + postfix + spamassassin + some custom rules. -
Single worst day was only 67?
Single worst spam day by number of messages: August 22, 2002. 67 pieces of spam. The vertical blue line.
This guy needs to get out more. I set up monitoring of all my spam and total message traffic for the last couple years. My current average is around 350-450 spams per day. Check out the spam report I run every night.
Virii? That's a different report. I seperate my virii out of the entire mail feed for the 3-4 domains I run (yay amavisd and postfix). The virii report is a lot more variable, with as many as 1600 viruses a day, and as few as 10, though that's pretty rare.
Spam filtering here is done via amavisd + postfix + spamassassin + some custom rules. -
Re:Oh the irony...
I have no idea what you're talking about, the site renders -perfectly- for me. Check out the screenshot (this is Debian Linux w/ some extensions + FF 0.9.1)
screenshot -
Postfix - enable opportunistic encryption
...considering that all the email will have been delivered across the 'net by insecure, plain-text SMTP anyway?
It's a good point, but the right thing to do is to fix the SMTP end, then the SSL matters.
I was suprised how easy it was to enable opportunistic encryption under Postfix after it was setup for TLS SMTP sessions. Watching the logs was surprising - a large number of sites will actually negotiate TLS SMTP sessions given the chance.
So if you're a postfix admin and a freedom-loving cypherpunk, get this turned on for the good of mankind. -
hand-held special crypto device