SSL support with email (ESMTP)

To Do list of all new features which will be soon coded are posted in this forum.

Locked
Z
Posts: 189
Joined: 16 Jun 2006, 10:28
Contact:

SSL support with email (ESMTP)

Post by Z » 21 Dec 2006, 21:14

Many ESMTP services now support Encrypted email.

Received: from XXX@XXX.XXX
(xxx@xxx.xxx [nnn.nnn.nnn.nnn])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxx.xxx.xxx (Postfix) with ESMTP id 37E8733C008
for <xxx@xxx.xxx>; Thu, 21 Dec 2006 22:08:00 +0200 (GMT+2)

How about adding ESMTP support with SSL support to Trashmail? At least it would prevent most of traditional internet eavesdropping.

Admin
Site Admin
Posts: 1241
Joined: 16 Jun 2006, 08:55
Location: Germany
Contact:

Re: SSL support with email (ESMTP)

Post by Admin » 24 Dec 2006, 02:34

Z wrote:Many ESMTP services now support Encrypted email.

Received: from XXX@XXX.XXX
(xxx@xxx.xxx [nnn.nnn.nnn.nnn])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxx.xxx.xxx (Postfix) with ESMTP id 37E8733C008
for <xxx@xxx.xxx>; Thu, 21 Dec 2006 22:08:00 +0200 (GMT+2)

How about adding ESMTP support with SSL support to Trashmail? At least it would prevent most of traditional internet eavesdropping.
I will try to implement this, but first I will do the whitelisting function that I need urgently to use also for myself!! :D
Best regards,
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH

Admin
Site Admin
Posts: 1241
Joined: 16 Jun 2006, 08:55
Location: Germany
Contact:

Re: SSL support with email (ESMTP)

Post by Admin » 29 Nov 2007, 13:20

Admin wrote:
Z wrote:Many ESMTP services now support Encrypted email.

Received: from XXX@XXX.XXX
(xxx@xxx.xxx [nnn.nnn.nnn.nnn])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxx.xxx.xxx (Postfix) with ESMTP id 37E8733C008
for <xxx@xxx.xxx>; Thu, 21 Dec 2006 22:08:00 +0200 (GMT+2)

How about adding ESMTP support with SSL support to Trashmail? At least it would prevent most of traditional internet eavesdropping.
I will try to implement this, but first I will do the whitelisting function that I need urgently to use also for myself!! :D
Its now implemented. The only bad thing is that the certificate is not recognized by any known CA.
But simple eavesdropping is only possible with man-in-the middle attack with 2 possibilities (protocol hacking and private/public key exchange proxying).
Best regards,
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH

Locked