Response From Remote Domain If Email Not Sent Encrypted

  • Response From Remote Domain If Email Not Sent Encrypted

    We'll be renewing our TLS certificate soon and I'm writing up the operations guide for the process, but I'm stumped as to how I can confirm that TLS still works.

    Well, apart from the obvious of sending an email to one of the remote domains where enforced TLS is enabled, and then not getting a reply.

    Since I've never sent a non-encrypted email to one of the configured remote domains, does anyone have any experience of the expected result if it fails?

    Would I get an NDR from our Exchange 2003 server? If so, what would it say?

    I did try to test by using telnet, and not sending the STARTTLS verb, but that seems to have gone through. At least it says it was queued. I also tried to set NOTIFY= but I get the usual "DSN support is disabled" message from the remote domain's Postfix server.

  • #2
    Re: Response From Remote Domain If Email Not Sent Encrypted

    TLS only ensures the email is encrypted between each mail server. It is not an end-to-end solution. If you want email encryption, you should be using Digital IDs. This ensures that only the intended recipient can open the email, assuming they have a copy of the public key.
    An NDR will only report delivery failure or success.
    You can check the success of TLS by inspecting the email header in an email sent from the target. The header will show the version of SSL and the cipher. Alternatively you can use this website which uses Telnet to check for SSL at the target.
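The two checks discussed in this thread, as an added example rather than code from either poster: parsing the `(using TLSvX with cipher ...)` clause that Postfix writes into its `Received:` header, and a live STARTTLS negotiation that does what the telnet test above skipped. The hostnames and the sample headers are constructed placeholders for this example.

```python
import re
import smtplib
import ssl

# Postfix records the negotiated protocol and cipher in its Received: header, e.g.
# "(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))".
# The headers below are constructed for this example, not taken from a real message.
SAMPLE_RECEIVED = [
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"
    "\tby mx.example.org (Postfix) with ESMTPS id 4ABCDEF",
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby mx.example.org (Postfix) with ESMTP id 4ABCDEF",
]

TLS_RE = re.compile(r"using\s+(TLSv[\d.]+|SSLv\d)\s+with\s+cipher\s+(\S+)")

def tls_from_received(header):
    """Return (protocol, cipher) if this hop was encrypted, else None.

    A clear-text hop has no 'using ...' clause and says 'with ESMTP';
    an encrypted hop says 'with ESMTPS'. Folded header lines are joined first.
    """
    m = TLS_RE.search(" ".join(header.split()))
    return (m.group(1), m.group(2)) if m else None

def weak_hop(header):
    """True when the hop was unencrypted or used a deprecated protocol version."""
    info = tls_from_received(header)
    return info is None or info[0] in ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")

def check_starttls(host, port=25, helo="mail.example.org"):
    """Live check: EHLO, then negotiate STARTTLS the way a sending server would.

    Returns (offered, protocol, cipher); offered=False means the remote did not
    advertise STARTTLS in its EHLO reply. Placeholder hostnames, network required.
    """
    ctx = ssl.create_default_context()          # verifies the remote certificate
    with smtplib.SMTP(host, port, local_hostname=helo, timeout=15) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return (False, None, None)
        smtp.starttls(context=ctx)
        smtp.ehlo()                              # capabilities must be re-read after TLS
        cipher_name, proto, _bits = smtp.sock.cipher()
        return (True, proto, cipher_name)

if __name__ == "__main__":
    for h in SAMPLE_RECEIVED:
        print(tls_from_received(h), "weak" if weak_hop(h) else "ok")
```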