> Sorry if this is not the correct group but the only one related to
> SMTP in my list.
Well, this is a product-specific list, but I can probably help.
Although you should have searched recent posts first, because there is
a thread on this very topic.
> 1 - I can send e-mails from the command prompt fine. Currently I
> want to do the same but encrypt the e-mail. Is this possible?
You can encrypt the conversation between the mail client and the
submission server. This does _not_ mean that the connection between
the submission server and the outbound smart host (if there is one),
nor the connection to a remote domain's MX server, will be encrypted.
Each link means separate configuration. If any remote server does not
support encryption, you will not be able to encrypt that link. You
have to be much more precise about what part(s) of the SMTP transport
you wish to secure.
As for the encryption itself, there are two methods, SMTPS (SSL/TLS to
a dedicated port, usually WKP TCP 465) and STARTTLS/STOPTLS (inline
encryption of a connection that starts in the clear as standard SMTP
connection, on WKP TCP 25).
> 2 - Does it only require a setting within the mail server then all
> e-mails are encrypted?
You shouldn't use the term "e-mails are encrypted" to describe this
technology. While it is true that the headers and body of an e-mail
will be encrypted while in transit, this encryption does not (as noted
above) apply to the same message traveling over later SMTP hops
(server-to-server links), nor does it apply to the message as it is
downloaded into a mail client over POP3/IMAP/MAPI/etc.
The only true encryption of the message that will travel with the
message from the point of origin to the destination mailbox is PGP.
Back to SMTP encryption: for a server to require all submissions to be
encrypted, it has to (a) disallow all unencrypted mail, and (b) have
an SSL/TLS certificate that can be trusted by all clients that connect
(if the clients are all corporate-controlled, the cert does not have
to be issued from a public CA, but if you are, for example, a hosting
provider, you need to have a commercial cert or be prepared to do a
lot more customer handholding).
> 3 - Does it require both a configuration within the mail server as
> well as making an additional command on the client side command
> prompt to encrypt the e-mail?
Again, speaking of SMTP encryption only: yes, both client and server
need to offer the same encryption type (SMTPS or STARTTLS/STOPTLS)
_and_ be set to use it. If one side speaks only SMTPS and the other
only STARTTLS/STOPTLS, that won't work.
--Sandy
------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
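
The per-hop point made in the reply above can be checked on a delivered message, because each receiving server records its own link in a `Received:` header. This is an added example, not part of the original post: it assumes servers write the RFC 3848 `with` keywords, and the function names and sample message are constructed for illustration.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that indicate the hop was secured with STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
FROM_RE = re.compile(r"^\s*from\s+(\S+)", re.I)
BY_RE = re.compile(r"\sby\s+(\S+)", re.I)
WITH_RE = re.compile(r"\swith\s+([A-Za-z0-9]+)", re.I)

def strip_comments(value):
    """Remove (possibly nested) parenthesised comments, innermost first."""
    previous = None
    while previous != value:
        previous, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def hop_report(raw_message):
    """Return (sender, receiver, protocol, encrypted) per hop, oldest first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so reverse to follow the delivery path.
    for header in reversed(msg.get_all("Received", [])):
        clause = strip_comments(header).rsplit(";", 1)[0]  # drop the timestamp
        found = [rx.search(clause) for rx in (FROM_RE, BY_RE, WITH_RE)]
        sender, receiver, proto = (m.group(1) if m else "?" for m in found)
        proto = proto.upper()
        hops.append((sender, receiver, proto, proto in TLS_PROTOCOLS))
    return hops

def cleartext_hops(raw_message):
    """Hops whose receiving server did not record a TLS protocol keyword."""
    return [hop for hop in hop_report(raw_message) if not hop[3]]

# Constructed sample message (documentation hostnames and addresses).
SAMPLE = """\
Received: from smarthost.example.net (smarthost.example.net [192.0.2.25])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby mx.example.org (Postfix) with ESMTPS id 4F1A2B3C;
\tTue, 02 Jan 2024 10:00:03 +0000
Received: from submit.example.com (submit.example.com [198.51.100.7])
\tby smarthost.example.net with ESMTP id 9D8E7F;
\tTue, 02 Jan 2024 10:00:02 +0000
Received: from laptop.example.com (laptop.example.com [203.0.113.9])
\tby submit.example.com with ESMTPSA id 1A2B3C;
\tTue, 02 Jan 2024 10:00:01 +0000
From: alice@example.com
Subject: constructed sample

body
"""
```

`Received:` headers are self-reported: a server that does not follow RFC 3848 may record a TLS hop as plain ESMTP, and headers added before the first server you trust can be forged.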