On 18 Nov 2016, at 22:05, vod vos wrote:
> Hi,
> I have configured the TLS,
> when I receive the mail such as yahoo mail,
> the mail content is transferred encoding like base64.
> When I send mail to yahoo account or others,
> the content is clear text,
> how to encrypt the content in an acceptable encoding to other mail
> servers?
The "Content-Transfer-Encoding" header of a MIME message or message part
is unrelated to any sort of encryption. It specifies how the stream of
bits in a mail message should be interpreted to recover the original
data, which may not have been safe for unencoded transport in email.
Base64 is NOT encryption, it is a system for mapping arbitrary binary
data into a format that is safe for email, using a set of 64 characters
(a subset of US-ASCII) and a maximum line length of 76 characters. Three
8-bit bytes of any values (0-255) can be encoded into four Base64
characters.
On 18 Nov 2016, at 23:14, vod vos wrote:
> The header from yahoo mail server to my server shows:
> Message-ID: <1986254504.2695776.147946658...@mail.yahoo.com>
> Subject: linoookk
> MIME-Version: 1.0
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: base64
Which makes sense: the UTF-8 character set uses 8-bit bytes with the
high bit set (values 128-255) and so cannot reliably be transported via
email. Encoding the text with Base64 allows UTF-8 data to be transported
via email. It DOES NOT encrypt the mail in any way.
> The header from my server to yahoo mail server did not show
> "Content-Transfer-Encoding: base64", and just shows "cipher
> ECDHE-RSA-AES128-GCM-SHA256".
That cipher specification (in a Received header) documents the
mechanisms used by TLS for various steps in the process of setting up
and running an encrypted transport session. Specifically, it says that
elliptic curve Diffie-Hellman key exchange was used to exchange RSA
(asymmetric) keys that were used to set up AES128 keys that were used
for bulk data encryption in Galois/Counter Mode with SHA256 hashing used
for signatures. That's a strong ciphersuite, which not only protected
your data in transit from casual snooping in realtime, it also provides
"forward secrecy" so that even if the session were to be captured and
kept, it will (probably) never be possible to decrypt it.
TLS provides strictly what its name says: Transport Layer Security. It
does not encrypt data at rest, it only encrypts the *transport* of data,
including SMTP protocol commands and responses as well as message data
in transit. If you want message data to be encrypted in storage, you
need to use something else, either message-level encryption like OpenPGP
or S/MIME or storage-layer encryption (like LUKS filesystem encryption,
dm-crypt, TrueCrypt, FileVault, etc.).
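The Content-Transfer-Encoding point made earlier in the thread (UTF-8 text is not 7-bit safe, Base64 maps every 3 bytes to 4 characters on lines of at most 76, and none of that is encryption) can be checked directly with Python's standard library. This is an added example, not code from the thread or from any mail server; the message body, addresses and subject are constructed for the demo.

```python
import base64
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Constructed sample body (not from the thread): UTF-8 text whose encoded form
# contains bytes >= 128, i.e. data that is not safe for a 7-bit transport path.
BODY = "Grüße aus Zürich: café ☕ und Straße. " * 3 + "\n"


def is_seven_bit_clean(data: bytes) -> bool:
    """True when every byte is < 128, i.e. safe for a 7-bit SMTP path."""
    return all(b < 128 for b in data)


def build_base64_message(body: str) -> bytes:
    """Build text/plain; charset=UTF-8 with Content-Transfer-Encoding: base64,
    the same header combination the Yahoo message in the thread carried."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"      # constructed address
    msg["To"] = "recipient@example.invalid"     # constructed address
    msg["Subject"] = "encoding demo"
    msg.set_content(body, charset="utf-8", cte="base64")
    return msg.as_bytes()


def encoded_body_lines(raw: bytes) -> list[str]:
    """The on-the-wire body lines: Base64 text, each at most 76 characters."""
    msg = message_from_bytes(raw, policy=default)
    return msg.get_payload().splitlines()


def decode_with_library(raw: bytes) -> str:
    """Recover the text via the email package; no key or secret is involved."""
    msg = message_from_bytes(raw, policy=default)
    return msg.get_content()


def decode_by_hand(raw: bytes) -> str:
    """Same recovery with nothing but the Base64 alphabet and the charset name:
    anyone holding the stored message can read it."""
    _headers, _sep, body = raw.partition(b"\n\n")
    return base64.b64decode(body).decode("utf-8")


def base64_growth(data: bytes) -> tuple[int, int]:
    """(input bytes, encoded characters): every 3 bytes become 4 characters,
    with '=' padding when the input length is not a multiple of 3."""
    return len(data), len(base64.b64encode(data))


if __name__ == "__main__":
    raw = build_base64_message(BODY)
    print(raw.decode("ascii"))
    print("7-bit clean on the wire:", is_seven_bit_clean(raw))
    print("longest body line:", max(len(l) for l in encoded_body_lines(raw)))
    print("decoded:", decode_by_hand(raw), end="")
```

Running it prints the message as it would leave the server: ASCII-only headers and body, Base64 lines of exactly 76 characters, and the original UTF-8 text recovered with no key at all. Storage-side confidentiality therefore has to come from OpenPGP/S-MIME or disk encryption, exactly as the reply says.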
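The "cipher ECDHE-RSA-AES128-GCM-SHA256" text the original poster saw lives in a Received header and only documents how one hop was transported. As an added example (not from this thread or from Postfix), the script below pulls that clause out of each Received header value, reads the leading token of the suite name as the key-exchange method, and reports whether every hop was both TLS-protected and forward-secret. The header values are constructed; their "(using TLSvX.Y with cipher NAME (n/m bits))" wording follows what Postfix writes, and that wording is an assumption for other MTAs.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample Received header values (not from the thread).
RECEIVED = [
    "from mta1.example.invalid (mta1.example.invalid [192.0.2.10]) "
    "(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) "
    "by mx.example.invalid (Postfix) with ESMTPS id AAAA1111",
    "from mta2.example.invalid (mta2.example.invalid [192.0.2.20]) "
    "(using TLSv1.2 with cipher AES256-SHA (256/256 bits)) "
    "by mx.example.invalid (Postfix) with ESMTPS id BBBB2222",
    "from mta3.example.invalid (mta3.example.invalid [192.0.2.30]) "
    "by mx.example.invalid (Postfix) with ESMTP id CCCC3333",
]

# Postfix-style TLS clause; other MTAs may word this differently (assumption).
TLS_CLAUSE = re.compile(r"using (TLSv[0-9.]+) with cipher ([A-Za-z0-9_-]+)")


@dataclass
class HopTLS:
    protocol: Optional[str]      # e.g. "TLSv1.2"; None when the hop was plaintext
    cipher: Optional[str]        # OpenSSL-style suite name as logged
    key_exchange: Optional[str]  # "ECDHE", "DHE", "TLS1.3" or "RSA"
    forward_secrecy: bool        # True only for ephemeral (EC)DH key exchange


def parse_hop(received: str) -> HopTLS:
    """Extract the TLS facts one Received header records about a single hop."""
    m = TLS_CLAUSE.search(received)
    if m is None:
        return HopTLS(None, None, None, False)
    protocol, cipher = m.group(1), m.group(2)
    if cipher.startswith("TLS_"):        # TLS 1.3 suites: key exchange is always ephemeral
        kx = "TLS1.3"
    elif cipher.startswith("ECDHE-"):    # ephemeral elliptic-curve Diffie-Hellman
        kx = "ECDHE"
    elif cipher.startswith("DHE-"):      # ephemeral finite-field Diffie-Hellman
        kx = "DHE"
    else:                                # e.g. AES256-SHA: RSA key transport (static
        kx = "RSA"                       # (EC)DH suites are lumped in here too)
    return HopTLS(protocol, cipher, kx, kx != "RSA")


def weakest_hop(received_headers: list[str]) -> str:
    """'plaintext' if any hop had no TLS, 'no-pfs' if any TLS hop lacked
    forward secrecy, otherwise 'pfs'. Only Received headers added by MTAs
    you trust are evidence; earlier ones are whatever the sender wrote."""
    hops = [parse_hop(h) for h in received_headers]
    if any(h.protocol is None for h in hops):
        return "plaintext"
    if any(not h.forward_secrecy for h in hops):
        return "no-pfs"
    return "pfs"


if __name__ == "__main__":
    for h in RECEIVED:
        print(parse_hop(h))
    print("verdict:", weakest_hop(RECEIVED))
```

The verdict is deliberately only about transport: a "pfs" result says nothing about how the message is stored at either end, which is the distinction the reply draws between TLS and message-level or storage-layer encryption.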