SMTP - TLS

Even though usual remailer mail is already encrypted, TLS adds security because the key used in TLS sessions usually is ephemeral - i.e. it only exists for seconds and is destroyed immediatly after use. Whether or not short-lived keys are used depends on the cipher suite chosen. (The EDH (Ephemeral Diffie-Hellman) ciphers use ephemeral keys.)

Ephemeral keys make it impossible to decrypt data which was eavesdropped at one time by compromising a remailer's key later.

Since remailer keys are valid for weeks, sometimes years, this makes remailing more secure.

The submission column indicates that a mailserver acceps mails on port 587 (submission). The smtps column that it accepts SSL connections on port 465 (smtps) for use with stunnel and similar. Some hosts also accept normal connections on port 2525 - this is indicated in the column 2525. Please note that some hosts may enforce the use of TLS on the submission port.

Stunnel can do STARTTLS using -n smtp or with protocol = smtp in your config file, depending on your version.

See the Encrypted Email - TLS/SSL on banasplit for a howto on using stunnel on Windows with Quicksilver and JBN2.

remailer	mail exchanger	priority	TLS	submission	smtps	2525	error/warning
<>
			">YES	announced - does not work	no	N/A	yes	no	">yes	no	yes	no

Built at .