Policy-Enforced TLS

Discussion in 'E-mail Discussions' started by C4talyst, May 13, 2010.

  1. C4talyst

    Hello, I have a client that would like to use Policy-Enforced TLS encryption when emails are sent from his domain to a specified remote domain. I know this is possible with cPanel as I've read about it in the past; however, I'm unable to find any notes on the web about setting it up. Has anyone done this before or have any pointers for me? Thanks!
     
  2. thobarn

    There is not a magic statement you can add to config that will enable Policy-Enforced TLS. It is not a setting, it is a service. You need to use a third-party service provider like Postini. If having plaintext messages on the server is not an issue, just use TLS (or whatever your MTA), which is there by default, ready to use. Otherwise get everyone involved a key, distribute the keys and the relevant policy (the one which you/your company wrote) to relevant people and encrypt/decrypt on send/receive, though some end-user training/discipline is required.
     
  3. C4talyst

    I'm pretty sure I can accomplish TLS email encryption between domains without a 3rd party service. I read an article on doing this w/ cPanel a couple of months ago and cannot locate it now. In the article they mentioned creating a config file, probably for Exim, that would accomplish this.

    I'm still digging; if I get this figured out I will post an update.
     
  4. thobarn

    Re-read my post. I did not say you need 3rd party for TLS, I said
    I also said
    So direct your email clients to ports 995/465 for (POP3)/(SMTP) respectively and you will be using SSL/TLS. Also note that when you use SSL/TLS it is not the emails that are encrypted but the connection between the sender/recipient and the mail server which is why I qualified that sentence
    .
     
  5. C4talyst

    Do I really need a 3rd party service for Policy-enforced TLS? My goal is for emails (not connections between client/server) to be encrypted when DOMAIN-X (hosted on my cPanel box) sends an email to DOMAIN-Y, hosted elsewhere w/ TLS support.
     
  6. C4talyst

  7. thobarn

    Sigh. Once again, it is the _connection_ between the client and the email server that is encrypted, not the emails. TLS = Transport Layer Security. Exim does NOT support encryption of emails it transports. The condition encrypted referred to in Exim configuration is about the connection.

    This is the usual sciolistic drivel you get nowadays at many places on the Internet. What is Exim encrypting the email with? What keys is it using for encryption/decryption of the emails? How does it obtain the recipients' keys? Where does it keep the senders' keys?

    Do not take my word for it, go and ask the developers

    Edited to add: Here, someone already asked, OP was at least hoping to use another program to do the encryption/decryption.
     
    #7 thobarn, May 20, 2010
    Last edited: May 20, 2010
  8. C4talyst

    Ahh crud, I see what you're saying... I misinterpreted what that page was explaining. I guess I'll set them up w/ Postini... and thanks.
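
Added example, not part of the thread and not cPanel or Exim code: because TLS protects the SMTP connection rather than the message, one way to check whether mail to a given remote domain actually travelled over TLS is to audit Exim's main log, where a delivery line carries an `X=` cipher field only when that connection was encrypted. The log lines, domain names and the `audit_tls` function are constructed for illustration, and the format assumes Exim's default TLS cipher logging.

```python
import re

# Constructed Exim main-log lines (not from the thread). "=>" / "->" mark a
# delivery; X=<cipher> appears only when that SMTP connection used TLS.
SAMPLE_LOG = """\
2010-05-20 09:14:02 1OF0Ab-0001xy-Qz <= alice@domain-x.example H=localhost [127.0.0.1] P=esmtpa S=1432
2010-05-20 09:14:03 1OF0Ab-0001xy-Qz => bob@domain-y.example R=lookuphost T=remote_smtp H=mx.domain-y.example [192.0.2.25] X=TLSv1:AES256-SHA:256
2010-05-20 09:20:41 1OF0Gh-0001zA-3k => carol@domain-y.example R=lookuphost T=remote_smtp H=mx2.domain-y.example [192.0.2.26]
2010-05-20 09:21:10 1OF0Hk-0001zC-7m => dave@other.example R=lookuphost T=remote_smtp H=mx.other.example [198.51.100.7]
2010-05-20 09:25:55 1OF0Mn-0001zF-Bp -> erin@DOMAIN-Y.example R=lookuphost T=remote_smtp H=mx.domain-y.example [192.0.2.25] X=TLSv1:AES256-SHA:256
"""

# timestamp, message id, delivery marker, recipient address, remaining fields
DELIVERY = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<msgid>\S+) [=-]> (?P<rcpt>\S+@(?P<domain>\S+))(?P<rest>.*)$"
)
FIELD = re.compile(r"\b([A-Z]+)=(\S+)")


def audit_tls(log_text, policy_domains):
    """Split deliveries to policy_domains into (over_tls, in_plaintext)."""
    policy = {d.lower() for d in policy_domains}
    over_tls, in_plaintext = [], []
    for line in log_text.splitlines():
        m = DELIVERY.match(line)
        if not m or m["domain"].lower() not in policy:
            continue  # not a delivery, or a domain the policy does not cover
        fields = dict(FIELD.findall(m["rest"]))
        rec = {
            "time": m["ts"],
            "msgid": m["msgid"],
            "rcpt": m["rcpt"],
            "host": fields.get("H"),
            "cipher": fields.get("X"),  # None means no TLS on this hop
        }
        (over_tls if rec["cipher"] else in_plaintext).append(rec)
    return over_tls, in_plaintext


if __name__ == "__main__":
    ok, bad = audit_tls(SAMPLE_LOG, ["domain-y.example"])
    print(f"{len(ok)} deliveries over TLS, {len(bad)} without")
    for rec in bad:
        print("NO TLS:", rec["time"], rec["msgid"], rec["rcpt"], "via", rec["host"])
```

A delivery listed as over TLS says only that the hop from this server to the remote MX was encrypted; the message itself is stored in plaintext at both ends.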
     