On 25.01.2014 09:42, Francina Oates wrote:
> To clarify for lists()rhsoft.net:
> Adding the socks protocol to smtp allows for end-to-end TLS encryption
> despite that the email appears to be sent from an intermediate node

TLS is also end-to-end TLS encryption

> Socks removes the requirement to trust the provider of that
> intermediate node and public IP address

TLS with certificate verification does the same

> A traffic logger

does not see anything in case of TLS

> or disk image snooper

is a different context than transmission of the data and not solved by anything in the connection context

> will see the destination mta ip but none of the message

as for TLS

> Frequently, the destination is common like gmail

and in that case you gain nothing because you need to trust the destination too

you can only control the encryption from your machine to *your* MTA
anything starting with the next hop is outside your control

hence in case of email the connection to the MX may be unencrypted because lack of TLS support on the final destination and mandatory TLS on a MX is impossible except for rare cases where both sides agree and configure "smtp_tls_policy_maps" explicitly

so if you *really* need encryption for your email don't do it on the transport layer, encrypt your messages
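
An added example, not part of the original message: it reads the Received headers of a delivered mail and reports, hop by hop, whether the receiving relay recorded a TLS-protected transfer (the RFC 3848 `with` keywords), which shows the per-hop nature of transport encryption described above. The sample message, host names and the function names `audit_hops` and `first_cleartext_hop` are constructed for illustration.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mark a hop as having run over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message; hosts, addresses and ids are placeholders.
SAMPLE = """\
Received: from mx.dest.example (mx.dest.example [192.0.2.25])
\tby store.dest.example with LMTP id 3; Sat, 25 Jan 2014 09:50:03 +0100
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.dest.example with ESMTP id 2; Sat, 25 Jan 2014 09:50:02 +0100
Received: from laptop.home.example (unknown [203.0.113.9])
\tby relay.isp.example with ESMTPSA id 1; Sat, 25 Jan 2014 09:50:01 +0100
From: alice@home.example
To: bob@dest.example
Subject: test

body
"""

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def audit_hops(raw):
    """Return hops in travel order as (sender, receiver, protocol, tls)."""
    msg = message_from_string(raw)
    hops = []
    # Every relay prepends its own header, so reverse to get travel order.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if not m:
            # Unparseable header: do not assume the hop was encrypted.
            hops.append((None, None, None, False))
            continue
        sender, receiver, proto = m.group(1), m.group(2), m.group(3).upper()
        hops.append((sender, receiver, proto, proto in TLS_PROTOCOLS))
    return hops

def first_cleartext_hop(raw):
    """Index of the first hop not recorded as TLS, or None if all were."""
    for i, hop in enumerate(audit_hops(raw)):
        if not hop[3]:
            return i
    return None

if __name__ == "__main__":
    for s, r, p, tls in audit_hops(SAMPLE):
        print(f"{s} -> {r}: {p} ({'TLS' if tls else 'cleartext or unknown'})")
```

Received headers are written by each relay itself and not every MTA uses the RFC 3848 keywords, so the result is an indicator for auditing, not proof of how a hop was protected.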