On 11/13/2016 7:38 PM, @lbutlr wrote: > While I know this would result in lost mail, would it be possible with > postfix to setup a mail server that: >
See http://www.postfix.org/TLS_README.html Also read up on RFC 6698 and DANE. > 1) Only accepts encrypted connections smtpd_tls_security_level = encrypt > 2) Only sends encrypted emails smtp_tls_security_level = encrypt > 3) Keeps mail encrypted throughout, including only writing encrypted blobs. > > and is there a way to setup an IMAP server to read that encrypted mail and, > again, only serve/accept encrypted mail. For this you can use whatever encrypted filesystem is provided by your OS. Postfix has no built-in support for encrypted files. > > I assume there is some metadata that must be unencrypted (to and From_, I’d > guess), can the rest of the metadata be encrypted (Data, received, any other > headers). With SMTP, the initial server connection, EHLO and STARTTLS commands are sent cleartext. After that, everything is encrypted.
