Questions tagged [starttls]

STARTTLS is the SMTP command to connect to email servers securely over TLS (formerly SSL). Use with an email server tag like [postfix], [exchange], etc.

118 questions
79 votes, 8 answers

Is STARTTLS less safe than TLS/SSL?

In Thunderbird (and I assume in many other clients, too) I have the option to choose between "SSL/TLS" and "STARTTLS". As far as I understand it, "STARTTLS" means in simple words "encrypt if both ends support TLS, otherwise don't encrypt the…
Foo Bar
18 votes, 2 answers

Is it still "wrong" to require STARTTLS on incoming SMTP messages?

According to the STARTTLS Spec Section 5: A publicly-referenced SMTP server MUST NOT require use of the STARTTLS extension in order to deliver mail locally. This rule prevents the STARTTLS extension from damaging the interoperability of the…
13 votes, 3 answers

Configure Postfix to use TLSv1.2

I started building my first cloud server: Ubuntu 16.04 with Postfix. The question is: how can I configure Postfix to use TLSv1.2 when I send mail from my webshop? When my webshop sends mail to my Postfix server it uses TLSv1. Here is…
10 votes, 1 answer

Postfix "Recipient address rejected: Access denied" error

Trying to use Zend Mail SMTP to send email from my PHP app, login authenticated, and it gives me this constant error I don't have to deal with. I looked into the 36 questions here on serverfault.com, changing parameters as they explain, without success. The…
MikZuit
9 votes, 2 answers

Postfix "Trusted TLS connection established" but "Server certificate not verified"

I'm using a Postfix TLS Policy to enforce TLS for outgoing email. Unfortunately in some cases the certificate verification fails and I don't know why. For instance, this is an excerpt of my TLS Policy #/C=US/O=DigiCert…
Jofre
9 votes, 2 answers

TLS: hostname does not match CN in peer certificate

I'm trying to connect to LDAP over StartTLS but I'm stuck with an issue. I've followed this guide step by step: https://help.ubuntu.com/12.04/serverguide/openldap-server.html#openldap-tls, and LDAP is working OK, as well as "ldapsearch -xZZ -h…
borjamf
8 votes, 2 answers

How can I decrypt STARTTLS communication over SMTP in a packet capture (if I have the private key)?

For the purpose of troubleshooting, I need to see what an email looks like when it's sent to my sendmail server via SMTP. The upstream server requires the SMTP connection to use STARTTLS so a packet capture only shows me encrypted data. Is there a…
Mike B
8 votes, 2 answers

lost connection after STARTTLS: Postfix

I've set up a Postfix + Courier server and have a Rails app configured with the SMTP server settings. Whenever the Rails app tries to send an email, this is what appears in the Postfix log (additional log verbosity set in master.cf): Feb 22 03:57:24…
webo
8 votes, 1 answer

Why do certificate CNs not match the hostnames provided in MX records?

I'm the author of checkdmarc, an open source CLI tool for checking DMARC and other email security standards. One of those checks involves testing whether the mail servers listed in a domain's MX records support TLS. I'm finding in many situations the…
Sean W.
8 votes, 3 answers

Why is port 587 preferred over port 465 in SMTP?

I have recently been developing a C# client which sends emails via an SMTP server. However I have been as to what the different terms meant, like: STARTTLS/TLS/SSL... I had a faint idea of what they meant out of context, but email-wise I had no…
6 votes, 3 answers

SNI-like equivalent for STARTTLS

I am trying to host two separate domains on one IP address. I want to be able to determine from the STARTTLS command which certificate was being requested and forward to a different mail server based on the domain. This doesn't seem to be possible…
user420606
6 votes, 1 answer

Postfix TLS configuration for incoming GMX mail

I set up my mail server with Postfix 2.7.1 and Dovecot 1.2.15 and everything seemed to work just fine, but now I found out that people using @gmx.net addresses cannot send emails to me and instead receive the error message Connected to
Stefan
5 votes, 1 answer

How to mitigate STARTTLS MITM (downgrading and forged certificates) between email servers?

I'm not as technically inclined as most on this site so please keep that in mind. I wanted to learn more about email security so I did some research and everything is according to my understanding, so please correct me wherever needed. The…
5 votes, 1 answer

Postfix STARTTLS only on port 25

I want to enable STARTTLS on port 25, but for unknown reasons it only works on port 465. master.cf: smtp inet n - - - - smtpd -o syslog_name=postfix/smtp -o smtpd_tls_wrappermode=yes -o…
JohnnyFromBF
5 votes, 0 answers

LDAP with TLS: connect error(-11)

I configured OpenLDAP and today I've configured TLS for more security, following these guidelines: Configure OpenLDAP with TLS=required. Modifying the cn=config.ldif with config file: dn: cn=config changetype: modify add:…
Neil