enforce mandatory verification in postfix configuration
authored by anarcat
Our previous configuration did not actually check the server's x509
certificate, which is a serious flaw. `encrypt` is nice because it
enforces *some* TLS, but is vulnerable to trivial active MITM attacks
by anyone with an OpenSSL installation.

Also expand the documentation on the security level stuff to clarify
why we might want to use it.
......@@ -215,7 +215,7 @@ following commands:
postconf -e smtp_sasl_password_maps=hash:/etc/postfix/sasl/passwd
postconf -e smtp_sasl_security_options=
postconf -e relayhost=submission.torproject.org:submission
postconf -e smtp_tls_security_level=encrypt
postconf -e smtp_tls_security_level=secure
postfix reload
The `/etc/postfix/sasl/passwd` file holds `hostname user:pass`
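Review bot: the command list now sets `smtp_tls_security_level=secure`, but none of the visible `postconf -e` lines configure a trust store, so it is worth adding a check for `smtp_tls_CApath` or `smtp_tls_CAfile` before the `postfix reload`. At the `secure` level Postfix has to validate the relayhost certificate against trusted CAs, and on a host where neither parameter is set the verification fails and mail is deferred rather than sent. A one-line hint such as `postconf smtp_tls_CApath smtp_tls_CAfile` to confirm the current values, plus a pointer to the log line to look for on failure, would save readers a debugging round trip.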
......@@ -233,10 +233,14 @@ Note that this method stores your plain text password on disk. Make
sure permissions on the file are limited and that you use full disk
encryption.
`may` can be used as a `security_level` if we are going to send mail
to other hosts which may not support security, but make sure that
mails are encrypted when talking to the `relayhost`, for example
through a `smtp_tls_policy_maps`.
You might already have another `security_level` configured for other
reasons, especially if that host already delivers mail to the internet
at large (for example: [dane](http://www.postfix.org/TLS_README.html#client_tls_dane) or [may](http://www.postfix.org/TLS_README.html#client_tls_may)). In that case, do make
sure that mails are encrypted when talking to the `relayhost`, for
example through a [`smtp_tls_policy_maps`](http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps). You want at least the
`verify` (if you trust DNS to return the right MX records) or `secure`
(if you don't). `dane` *can* work (for now) because we do support
DNSSEC, but that might change in the future.
If you want to use Tor's submission server *only* for mail sent from a
`@torproject.org` address, you'll need an [extra step](http://www.postfix.org/SASL_README.html#client_sasl_sender). This should
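Review bot: the sentence "`dane` *can* work (for now)" in the new paragraph should say what happens when it stops working, because that is the failure mode this commit is trying to close. Postfix's `dane` level is opportunistic: if no usable TLSA records are found for the relayhost it falls back to `may`, which is weaker than the `encrypt` setting this commit replaces, so a host left on `dane` would lose certificate verification without any error if the DNSSEC/TLSA support mentioned here goes away. Suggest either recommending `dane-only` for that case or stating that hosts running `dane` or `may` globally should still pin the relayhost to `secure` in `smtp_tls_policy_maps`. A concrete policy-map line would also help, since the lookup key must match the `relayhost` value verbatim, including the `:submission` port suffix.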