lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: asp at webexc.com (Ben Timby)
Subject: SMTP Encryption (S/MIME) for Outlook question

Brandon, we use Mozilla, and it's S/MIME features. You can get free 
personal certs from thawte.com. Also, we use postfix for our mailserver, 
  and have enabled TLS, where available (from client to server, and 
sometimes from server to server) the SMTP traffic is encrypted. The 
remote server must also support TLS, postfix tries it first. When we 
send sensitive info, we encrypt it using S/MIME to ensure it is safe. I 
sign all my messages to verify integrity. Using S/MIME is a client 
thing, as it must manage the key pairs for that particular user, while 
TLS can be implemented at the server.

I would suggest both. By the way, we use SSL/IMAP (courierIMAP) for 
reading mail as well!

Fetch, Brandon wrote:

> No flames here please.  I've just been asked about running some form of
> encryption on our mail clients (Outlook) to send encrypted SMTP across the
> Internet and would like some opinions/directions.
> 
> Our userbase isn't that technical so we'd need something that is pretty user
> friendly (I know, divergent goals) but is still secure to a point.
> 
> I don't know the exact details on their goals other than preventing random
> eavesdropping (sniffing) of clear-text SMTP traffic across the Internet to a
> remote, non-internal destination.
> 
> What do other Win/Exchange/Outlook IT admins use for S/MIME?  
> 
> BTW, if there's something that will run on top of the SMTP gateway server or
> the internal Exchange server to encrypt the message before being routed to
> the Internet, this is also acceptable.  I figure there must be something
> available that works like this.
> 
> TIA,
> 
> Brandon Fetch
> 817-871-4036
> -- carpe ductum -- "Grab the tape"
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ