StartTLS for Opportunistic Email Encryption with Postfix

Out of date

This document was written in 2002. Since then, the features it discusses have moved into Postfix, including important improvements to forward secrecy. You should look to TLS Forward Secrecy in Postfix at postfix.org for up to date advice.

New translations will not get a link.

Archived content

Lots and lots of sites use StartTLS for encrypting local email, usually so that they can hide passwords when SMTP auth is used. But, StartTLS also gives you the ability to opportunisticly encrypt mail as it heads across the Internet. This document builds on Patrick Koetter's STMTP/StartTLS docs, and starts at the end of #15, where he says "That's it. Your done. Have fun." Speaking of having fun, this page has now been translated into a number of languages. New translations will not get a link:
  • Belorussian, translation by Patric Conrad.
  • Russian [1st] by Jim Jerginson and [2nd] by Oleg Meister
  • German, translation by Alexey Gnatuk.
  • Ukranian by Alexander Novickiy
Let me say a little more about how cool this is. From the user perspective: No passphrases. No public keys. No fingerprints. It roughly just works. That's a huge win. Today, I spent half a day trying to get S/MIME working. First, I upgraded mutt to the latest beta. Then I got stuck because Verisign's site doesn't work with Netscape, and Thawte's site is down for maitenance. Meanwhile, random email from people who would never bother to figure this stuff out is getting encrypted from their site to mine. And since I run my site, thats about the same trust as I get from PGP. Not quite, but much better than when people misuse the product.

Pre-conditions: Have postfix installed and running. Have StartTLS going when postfix is a server.
Post-conditions: Postfix will act as a starttls client, encrypting mail when the other side speaks TLS.

Now, this is really easy. Let me simply offer up the relevant bits of my postfix main.cf:


smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_key_file = /etc/postfix/certs/newreq.pem
smtp_tls_cert_file = /etc/postfix/certs/newcert.pem

smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache
Now, the first two lines should be obvious. The first line causes us to use smtp when acting as a client, the second notes hosts that offer starttls, but for which is it not enabled.

The second two are the same values as my smtpd_tls_key_file and smtpd_tls_cert_file. They're not in the same place as M. Koetter put them, but thats a trivial difference. I like the certs directory because it keeps things neat.

If everything has worked as planned, your mail recieved headers will get better, looking something like this:

Received: from Alice
  (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))  
  (No client certificate requested) 
  by Bob (Postfix) with ESMTP id CC7593008F
  for <charlie@example.com>;
  Wed,  2 Oct 2002 15:20:39 -0400 (EDT)

If everything is not working as planned, turn up your log levels. Odds are good you're already trading mail with people using starttls.

And that's it. You're done. Have fun.


Why?

Because some people want to read your email. Others don't. But it should be your choice.

I also want to draw attention to The Postfix/TLS site and documentation for the config file, which I had trouble finding.


Adam Shostack
Last modified: Fri Dec 20 16:31:31 EST 2013