path: root/web/tls/template.tmpl
blob: 99d8cfa5eeac9afdca53ad4ec17867e2d1aecd21 (plain)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head><title>TLS @ noreply</title></head>
<body bgcolor="#aaaaaa" text="#000000" LINK="#0000ff" ALINK="#ff0000" VLINK="#ff0000">
<table cellpadding=0 cellspacing=0 width="100%">
<tr><td colspan=2 bgcolor="#444444"><font color="#ffffff"><a href="/"><font color="#bbbbff">www.noreply.org</font></a> :: TLS </font></td></tr>
<tr><td colspan=2 bgcolor="#ffffff">&nbsp;</td></tr>
<tr><td bgcolor="#ffffff">&nbsp;</td>
<td bgcolor="#ffffff">

<h1>SMTP - TLS</h1>

<strong>T</strong>ransport
<strong>L</strong>ayer
<strong>S</strong>ecurity (similar to SSL)
brings forward secrecy to Internet Email by encrypting SMTP traffic.
<p>
Even though usual remailer mail is already encrypted, TLS adds security
because the key used in TLS sessions usually is ephemeral - i.e. it only
exists for seconds and is destroyed immediately after use.  Whether or
not short-lived keys are used depends on the cipher suite chosen.
(The EDH (Ephemeral Diffie-Hellman) ciphers use ephemeral keys.)
<p>
With ephemeral keys, data that was eavesdropped at one time cannot be
decrypted by compromising a remailer's key later.
<p>
Since remailer keys are valid for weeks, sometimes years, this makes
remailing more secure.

<p>
The submission column indicates that a mailserver accepts mails on port 587
(submission).  The smtps column indicates that it accepts SSL connections on port 465
(smtps) for use with stunnel and similar.  Some hosts also accept normal
connections on port 2525 - this is indicated in the column 2525.  <!--The same
holds true for port 25000.-->
<em>Please note that some hosts may enforce the use of TLS on the submission port.</em>

<p>
<!--More recent stunnel versions can also do STARTTLS using <code>-starttls smtp</code>.-->
Stunnel can do STARTTLS using <code>-n smtp</code> or with <code>protocol = smtp</code> in your config file, depending on your version.

<p>
See <a href="http://www.bananasplit.info/mailtls.html">Encrypted Email
- TLS/SSL</a> on <a href="http://www.bananasplit.info/">bananasplit</a> for a
  howto on using stunnel on Windows with Quicksilver and JBN2.

<p>
<table border=0 cellpadding=2 cellspacing=0>
<tr> <th>remailer</th><th>mail exchanger</th><th>priority</th><th>TLS</th><th>submission</th><th>smtps</th><th>2525</th><!--<th>25000</th>--><th>error/warning</th> </tr>
<TMPL_LOOP NAME="remailer">
	<tr><td colspan="9" bgcolor="#77e7ef"><strong><TMPL_VAR NAME="nick"></strong> &lt;<TMPL_VAR NAME="address">&gt;</td></tr>
	<TMPL_LOOP NAME="mx">
		<tr><td>&nbsp;</td>
		<td class="monowidth"><TMPL_VAR NAME="mx"></td>
		<td align="right"><TMPL_VAR NAME="pri"></td>
		<TMPL_IF NAME="result-defined">
			<TMPL_IF NAME="result">
				<TMPL_IF NAME="tls">
					<td align="center" bgcolor="#baffcc"><!--YES -
					--><a href="<TMPL_VAR NAME="cert_url">">YES</a><TMPL_IF NAME="tls-cipher"><br><small><TMPL_VAR NAME="tls-cipher"></small></TMPL_IF></td>
				<TMPL_ELSE>
					<td align="center" bgcolor="#ff7f7f">announced -
					does not work</td>
				</TMPL_IF>
			<TMPL_ELSE>
				<td align="center" bgcolor="#ffb7b7">no</td>
			</TMPL_IF>
		<TMPL_ELSE>
			<td align="center">N/A</td>
		</TMPL_IF>
		<TMPL_IF NAME="submission">
			<td align="center" bgcolor="#daffec">yes</td>
		<TMPL_ELSE>
			<td align="center">no</td>
		</TMPL_IF>
		<TMPL_IF NAME="smtps">
			<td align="center" bgcolor="#daffec"><!--yes -
			--><a href="<TMPL_VAR NAME="ssl_url">">yes</a><TMPL_IF NAME="ssl-cipher"><br><small><TMPL_VAR NAME="ssl-cipher"></small></TMPL_IF></td>
		<TMPL_ELSE>
			<td align="center">no</td>
		</TMPL_IF>
		<TMPL_IF NAME="2525">
			<td align="center" bgcolor="#daffec">yes</td>
		<TMPL_ELSE>
			<td align="center">no</td>
		</TMPL_IF>
		<!--
		<TMPL_IF NAME="25000">
			<td align="center" bgcolor="#daffec">yes</td>
		<TMPL_ELSE>
			<td align="center">no</td>
		</TMPL_IF>
		-->
		<TMPL_IF NAME="warning">
			<td bgcolor="#faff7f"><TMPL_VAR NAME="warning"></td>
		</TMPL_IF>
		<TMPL_IF NAME="error">
			<TMPL_IF NAME="warning">
				</tr><tr><td colspan="8">&nbsp;</td>
			</TMPL_IF>
			<td bgcolor="#ff7f7f"><TMPL_VAR NAME="error"></td>
		</TMPL_IF>
		</tr>
	</TMPL_LOOP>
	<tr><td colspan="6"></td></tr>
</TMPL_LOOP>
</table>

<p>
Built at <TMPL_VAR NAME="now">.

</td></tr>
<tr><td colspan=2 bgcolor="#ffffff">&nbsp;</td></tr>
<tr><td colspan=2 bgcolor="#444444"><font color="#ffffff"><em><a href="mailto:web@palfrader.org"><font color="#bbbbff">web@palfrader.org</font></a></em> -
      <a href="http://validator.w3.org/check/referer"><font color="#bbbbff">Valid HTML 4.01!</font></a></font></td></tr>
</table>      
</body>
</html>
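
The template text says that whether a TLS session uses short-lived keys depends on the negotiated cipher suite, and the table prints that suite in the `tls-cipher` and `ssl-cipher` cells. The following is an added example, not part of this repository: it classifies OpenSSL cipher names by key exchange and goes beyond the EDH case named in the text to cover ECDHE and TLS 1.3 suites. The function names and the sample hosts are constructed for illustration.

```python
import re

# Key-exchange prefixes in OpenSSL cipher names (as printed by `openssl ciphers`).
EPHEMERAL = ("DHE-", "EDH-", "ECDHE-")       # fresh (EC)DH key per session, authenticated
ANONYMOUS = ("ADH-", "AECDH-")               # ephemeral but unauthenticated
TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_")  # TLS 1.3 suites always use (EC)DHE


def key_exchange(cipher: str) -> str:
    """Return 'ephemeral', 'anonymous' or 'static' for an OpenSSL cipher name."""
    name = re.sub(r"^EXP\d*-", "", cipher.strip().upper())  # drop export prefix
    if TLS13.match(name) or name.startswith(EPHEMERAL):
        return "ephemeral"
    if name.startswith(ANONYMOUS):
        return "anonymous"
    # Treated as static: plain RSA (e.g. AES256-SHA), fixed DH-/ECDH-, PSK-.
    # These reuse a long-lived key, so recorded traffic can be decrypted if
    # that key leaks later. Other key exchanges are not modelled here.
    return "static"


def weak_key_exchange(rows):
    """rows: (mx, cipher) pairs; return MX hosts whose key exchange is not
    authenticated-ephemeral (static or anonymous)."""
    return [mx for mx, cipher in rows if key_exchange(cipher) != "ephemeral"]


# Constructed sample rows, shaped like the mx / tls-cipher values in the table.
SAMPLE = [
    ("mx1.example.org", "EDH-RSA-DES-CBC3-SHA"),
    ("mx2.example.org", "DHE-RSA-AES256-SHA"),
    ("mx3.example.org", "AES256-SHA"),
    ("mx4.example.org", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("mx5.example.org", "ADH-AES128-SHA"),
    ("mx6.example.org", "TLS_AES_256_GCM_SHA384"),
]

if __name__ == "__main__":
    for mx, cipher in SAMPLE:
        print(f"{mx:18} {cipher:30} {key_exchange(cipher)}")
    print("not authenticated-ephemeral:", weak_key_exchange(SAMPLE))
```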