# secure transmission of emails from forum



## lbol (Jul 8, 2021)

I have activated a guarantee for secure email reception (TLS) with my provider Posteo to protect myself against data theft and insecure data transmission.
I have a corresponding security response from the Posteo servers here:

We have just rejected an insecure email delivery from the sender forum-bounces+e403df54+lbolmerg=posteo.de@forums.freebsd.org (alai.FreeBSD.org). As requested, we did not accept the email because you have activated the TLS receiving guarantee.

which basically says: we have blocked the receipt of an email message from ...

Could this be fixed in the forum software?


----------



## SirDice (Jul 8, 2021)

lbol said:


> I have activated a guarantee for secure email reception (TLS) with my provider Posteo to protect myself against data theft and insecure data transmission.


I hate to break it to you but your email is still unencrypted, readable and modifiable when it's in transit. Every MTA along the path will be able to access it. TLS only protects the communication between two end points, it does absolutely nothing for the email content itself. 

Source email address is irrelevant when it comes to TLS. It's the MTA that tried to relay the email to your server that apparently didn't use TLS.

SMTP aka email is an inherently insecure protocol, that's why solutions like PGP exist.


----------
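
The point made above, that TLS covers only one SMTP hop at a time, shows up in a delivered message's `Received:` trace. This is an added example and not part of any post in the thread: it reads the `with` keyword each receiving MTA records (per RFC 3848, `ESMTPS`/`ESMTPSA` mean that hop used TLS) from a constructed sample message whose hostnames are placeholders.

```python
import re
from email import message_from_string

# Constructed sample message; hostnames and ids are placeholders, not from the thread.
SAMPLE = """\
Received: from mx-in.example.net (mx-in.example.net [192.0.2.10])
 by store.example.net (Postfix) with LMTP id 4AAA;
 Thu, 8 Jul 2021 10:00:03 +0200
Received: from relay.example.org (relay.example.org [198.51.100.7])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
 by mx-in.example.net (Postfix) with ESMTPS id 4BBB;
 Thu, 8 Jul 2021 10:00:02 +0200
Received: from app.example.org (app.example.org [198.51.100.20])
 by relay.example.org (Postfix) with ESMTP id 4CCC;
 Thu, 8 Jul 2021 10:00:01 +0200
From: forum@example.org
To: user@example.net
Subject: constructed sample

body
"""

COMMENT = re.compile(r"\([^()]*\)")                       # innermost (...) comment
TLS_PROTO = re.compile(r"(?:UTF8)?(?:ESMTP|LMTP)(S?)A?", re.I)

def parse_received(value):
    """Extract from/by/with from one Received value and flag whether the hop used TLS."""
    text = " ".join(value.split())                        # unfold continuation lines
    while COMMENT.search(text):                           # drop comments first, so
        text = COMMENT.sub(" ", text)                     # "with cipher" is not a match
    hop = {}
    for key in ("from", "by", "with"):
        m = re.search(rf"\b{key}\s+([^\s;]+)", text, re.I)
        hop[key] = m.group(1) if m else None
    proto = TLS_PROTO.fullmatch(hop["with"] or "")
    hop["with"] = hop["with"].upper() if hop["with"] else None
    hop["tls"] = bool(proto and proto.group(1))           # the "S" marks STARTTLS
    return hop

def trace_hops(raw):
    """Hops in transit order; Received headers are prepended, so reverse them."""
    headers = message_from_string(raw).get_all("Received") or []
    return [parse_received(v) for v in reversed(headers)]

def cleartext_hops(raw):
    return [h for h in trace_hops(raw) if not h["tls"]]

if __name__ == "__main__":
    for h in trace_hops(SAMPLE):
        print(f'{h["from"]} -> {h["by"]}: {h["with"]} ({"TLS" if h["tls"] else "cleartext"})')
```

Only the `Received:` lines added by servers you trust are reliable; earlier ones are supplied by the sending side and can be forged, so treat the result as a diagnostic rather than proof.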



## covacat (Jul 8, 2021)

if the sender uses dkim then integrity can be checked by the recipient
still as said above any mta in transit can see the message in clear text
requiring TLS for smtp is asking for problems, there are still enough legit servers that don't use it


----------



## lbol (Jul 8, 2021)

I am absolutely aware that TLS cannot solve all inherent security issues with email. I was asking because my email provider is offering an option to require TLS for incoming connections to their servers and I had activated the option. Unfortunately this option cannot be activated on a per sender or whatever basis. It's a do it or leave it thing.
But anyway, I think using TLS for email has become a widely used standard which should also be used by the forum's mail servers.


----------



## SirDice (Jul 8, 2021)

lbol said:


> But anyway, I think using TLS for email has become a widely used standard which should also be used by the forum's mail servers.


Between mail clients and servers, yes. Between MTAs, no, not yet. There are still plenty of MTAs that don't use TLS.


----------



## zirias@ (Jul 8, 2021)

SirDice said:


> Between mail clients and servers, yes. Between MTAs, no, not yet. There are still plenty of MTAs that don't use TLS.


Looking at the logs of my MTA, disregarding the tons of spam, almost all mail is delivered using TLS (including pkg-fallout, bugzilla and mailing list mails from FreeBSD). So I'd say it's pretty much standard and good practice.

OTOH, of course, it only fixes a little part of all the possible "attack vectors", just preventing eavesdropping on the connection itself.

So IMHO, just disable such options. If both MTAs support TLS, it is used automatically. If one of them doesn't, I don't see a good reason to block the mail.


----------



## sko (Jul 8, 2021)

Enforcing TLS for incoming mail is just bound to fail... With the amount of misconfigured, old or completely broken MTAs out there this idea (sadly) is just hopeless - and often these servers are run by huge companies you'd expect to know better. In fact those are often the most annoying to deal with because they don't think they have to follow de-facto standards and RFCs...
I get nagged at least once a month because "we can't send you emails, it must be your fault" and 99.9% of all times it's because they use some broken MTA (or hopelessly outdated OpenSSL) that only supports outdated TLS1.1 or even lower and doesn't fall back to a non-TLS connection as required by the RFC. The most annoying ones are those outdated and broken Exchange servers, that re-connect endlessly in short succession until they end up on the overloaders table and get blocked by PF.

Offering such an option to customers smells like a new form of "bullshit made in germany". It only tricks users into a false belief of security/privacy which is IMHO just short of blatantly lying.


----------



## lbol (Jul 8, 2021)

Thx for all your valuable comments. I just deactivated the option and continue happily receiving emails from the forum


----------



## zirias@ (Jul 8, 2021)

lbol said:


> Thx for all your valuable comments. I just deactivated the option and continue happily receiving emails from the forum


IMHO the sane decision. Still, the request to _support_ TLS makes sense – it might be a small security gain to at least prevent eavesdropping on the way between two MTAs for otherwise unencrypted mails, but even small gains are worth the effort – IMHO.
I just don't think failure to do so is a sufficient reason to reject mail… this feature clearly violates the robustness principle.


----------



## SirDice (Jul 9, 2021)

We'll need to ask danger@ about this. The mailserver is out of my reach. I can access the forum system but not the part where the mail gets processed.


----------

