On Mon, 21 Aug 2017, Gary wrote:
If I read this correctly, starttls will fail due to the MITM attack. That is, the client knows security has been compromised. Using SSL/TLS, the MITM can use SSL stripping. Since most Postfix configs use "may" for security, the message would go through unencrypted. Correct???
Hi,
many people think the email is encrypted (secured) because it is sent through an encrypted submission connection to the client's SMTP/submission server. I know of a case where one user sends credit card numbers over an encrypted channel to the SMTP server and thinks the card numbers are protected!
WRONG!!! The email is stored in plain text on the first server, and then it can be sent to a few other MX servers over a plain-text connection. I.e., an encrypted connection does not protect emails, but rather the authentication credentials.
Users should know that they have to encrypt the email itself if they want to protect it.
Regards,
Robert Wolf.
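
The per-hop nature of SMTP encryption described in this message can be checked on a delivered mail by reading its Received headers. The following is an added example, not part of the original post: it uses the RFC 3848 "with" keywords (ESMTPS, ESMTPSA, LMTPS, LMTPSA) to list which hops reported TLS; the hosts, queue ids and message are constructed.

```python
import email
import re

# Constructed sample message; newest Received header first, as servers prepend them.
SAMPLE = """\
Received: from mx2.example.net (mx2.example.net [203.0.113.7])
\tby mail.example.org (Postfix) with ESMTP id 3C0FFEE
\tfor <bob@example.org>; Mon, 21 Aug 2017 10:00:03 +0000 (UTC)
Received: from submit.example.com (submit.example.com [198.51.100.5])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby mx2.example.net (Postfix) with ESMTPS id 2BADCAFE
\tfor <bob@example.org>; Mon, 21 Aug 2017 10:00:02 +0000 (UTC)
Received: from laptop.local (unknown [192.0.2.10])
\tby submit.example.com (Postfix) with ESMTPSA id 1DEADBEEF
\tfor <bob@example.org>; Mon, 21 Aug 2017 10:00:01 +0000 (UTC)
From: alice@example.com
To: bob@example.org
Subject: constructed test message

constructed body text
"""

# RFC 3848 protocol keywords that mean the hop was carried over TLS.
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.I | re.S)
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.I)

def strip_comments(value):
    """Remove (possibly nested) parenthesised comments such as '(using TLSv1.2 with cipher ...)'."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", "", value)
    return value

def audit_hops(raw):
    """Return (sender, receiver, keyword, used_tls) per hop, oldest hop first."""
    hops = []
    for hdr in reversed(email.message_from_string(raw).get_all("Received", [])):
        text = strip_comments(str(hdr))
        hop, proto = HOP_RE.search(text), WITH_RE.search(text)
        if hop and proto:
            keyword = proto.group(1).upper()
            hops.append((hop.group(1), hop.group(2), keyword, keyword in TLS_KEYWORDS))
    return hops

if __name__ == "__main__":
    # Received headers are written by each relay and are not authenticated,
    # and a TLS hop still leaves the message readable on the server itself.
    for sender, receiver, keyword, tls in audit_hops(SAMPLE):
        print(f"{sender} -> {receiver}: {keyword} ({'TLS' if tls else 'PLAINTEXT'})")
```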