[Bug 764211] Outgoing mail not encrypted



Andrea Veri changed bug 764211

What    Removed    Added
CC                 andrea.veri@gmail.com

Comment # 1 on bug 764211 from Andrea Veri
Gmail's red lock is there for two main reasons:

1. DKIM missing on the gnome.org domain
2. SMTP server used by the GNOME contributor not supporting TLS

As of today the GNOME Infrastructure does not provide an SMTP server for
relaying outbound e-mails; what we do is serve a set of aliases which a
remote mail server can query. Once smtp.gnome.org has been queried, the e-mail
the alias forwards to is returned; from there smtp.gnome.org effectively sends
the e-mail.

What happens for inbound e-mails:

@gnome.org alias owner mail client -(TLS, if supported)-> @gnome.org alias
owner mail server -(TLS, if the local server requests it)-> smtp.gnome.org
-(TLS, if supported by recipient's mail server)-> recipient mail server

What smtp.gnome.org didn't have before today:

1. Inbound TLS (mails between an external SMTP server and smtp.gnome.org
weren't encrypted, ever). What we do now instead is support STARTTLS; it's
then up to the external mail server to STARTTLS or not.
2. Outbound TLS (no SASL involved as we don't offer any SMTP relaying service)
for e-mails that are sent from an external mail server to a @gnome.org mail
alias. When the remote mail server reaches smtp.gnome.org, the aliases table is
evaluated and from there smtp.gnome.org is able to STARTTLS if the remote mail
server is configured to do so. For a certain set of domains we plan to encrypt
e-mails by default; the list currently only includes gmail.com. If you have
more suggestions please let us know.

Why isn't the red lock going to disappear even after increasing
smtp.gnome.org's security? As reported above, we don't offer DKIM, as @gnome.org
alias owners use their own SMTP servers as of today, which prevents us from
including DKIM signatures on the outgoing e-mails. Our mail server security has,
however, been secured with the improvements listed above.

Thanks for your report!
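
The hop chain described in the comment above can be audited on a delivered message by reading its Received headers, where RFC 3848 "with" keywords such as ESMTPS mark hops that used TLS. This is an added example, not part of the original comment; the sample message, its addresses and every hostname other than smtp.gnome.org are constructed.

```python
import re
from email import message_from_string

# RFC 3848 "with" protocol keywords that indicate a TLS-protected hop.
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message: three hops, the middle one without STARTTLS.
SAMPLE = """\
Received: from smtp.gnome.org (smtp.gnome.org [192.0.2.10])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby mx.recipient.example with ESMTPS id abc123
\tfor <user@recipient.example>; Thu, 01 Jan 2026 10:00:03 +0000
Received: from mail.owner.example (mail.owner.example [192.0.2.20])
\tby smtp.gnome.org with ESMTP id def456
\tfor <alias@gnome.org>; Thu, 01 Jan 2026 10:00:02 +0000
Received: from laptop.owner.example (laptop [198.51.100.5])
\tby mail.owner.example with ESMTPSA id ghi789;
\tThu, 01 Jan 2026 10:00:01 +0000
From: alias@gnome.org
To: user@recipient.example
Subject: test

body
"""

def strip_comments(value):
    """Remove parenthesised header comments, including nested ones."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return " ".join(value.split())

def hops(raw):
    """Return (from_host, by_host, tls) per hop in transit order."""
    result = []
    for header in reversed(message_from_string(raw).get_all("Received", [])):
        clean = strip_comments(header)  # drops "(using ... with cipher ...)"
        sender = re.search(r"\bfrom\s+(\S+)", clean)
        receiver = re.search(r"\bby\s+(\S+)", clean)
        proto = re.search(r"\bwith\s+(\S+)", clean)
        # tls is None when the receiving server recorded no protocol keyword.
        tls = proto.group(1).upper().rstrip(";") in TLS_KEYWORDS if proto else None
        result.append((sender.group(1) if sender else None,
                       receiver.group(1) if receiver else None, tls))
    return result

def cleartext_hops(raw):
    """Hops whose receiving server recorded a non-TLS protocol."""
    return [(s, r) for s, r, tls in hops(raw) if tls is False]
```

Each Received header is only as trustworthy as the server that wrote it, so treat the result as evidence for the hops you control or trust.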

