mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
Updated A mail server's 101 (markdown)
This commit is contained in:
parent
328f2e2ecf
commit
1027ec309e
|
@ -80,6 +80,6 @@ As a _batteries included_ Docker image, docker-mailserver provides you with all
|
||||||
|
|
||||||
When it comes to security, one may consider docker-mailserver's default configuration to _not_ be 100% secure, as it uses _opportunistic_ connections using STARTTLS instead of _enforcing_ TLS-encrypted connection (SMTPS, IMAPS). That choice has been consciously made for the project aims at supporting, _by default and without custom configuration required_, all kinds of clients, including ones not able (== not configured) to use enforced/implicit TLS-encrypted connections, but still capable of handling opportunistic TLS. Please note though that _no plain text exchange will occur_ in case a client denies a STARTTLS offer, for docker-mailserver is using a [strict offer](http://www.postfix.org/postconf.5.html#smtpd_tls_security_level) (`encrypt`) by default and will drop the client unencrypted request :relieved:
|
When it comes to security, one may consider docker-mailserver's default configuration to _not_ be 100% secure, as it uses _opportunistic_ connections using STARTTLS instead of _enforcing_ TLS-encrypted connection (SMTPS, IMAPS). That choice has been consciously made for the project aims at supporting, _by default and without custom configuration required_, all kinds of clients, including ones not able (== not configured) to use enforced/implicit TLS-encrypted connections, but still capable of handling opportunistic TLS. Please note though that _no plain text exchange will occur_ in case a client denies a STARTTLS offer, for docker-mailserver is using a [strict offer](http://www.postfix.org/postconf.5.html#smtpd_tls_security_level) (`encrypt`) by default and will drop the client unencrypted request :relieved:
|
||||||
|
|
||||||
We believe docker-mailserver's default configuration (enforcing TLS, either opportunistic or implicit) to be a good middle ground: it goes beyond [RFC 2487](https://tools.ietf.org/html/rfc2487) "old" (1999) recommandation and abides by the "newest" (2018) [RFC 8314](https://tools.ietf.org/html/rfc8314). It means clients without support for TLS are not supported by default. Eventually it is up to you deciding which kind of transportation encryption to use / enforce, and set up your instance accordingly.
|
We believe docker-mailserver's default configuration (enforcing TLS, either opportunistic or implicit) to be a good middle ground: it goes beyond [RFC 2487](https://tools.ietf.org/html/rfc2487) "old" (1999) recommandation and abides by the "newest" (2018) [RFC 8314](https://tools.ietf.org/html/rfc8314), under the assumption that most MUA (clients) nowadays support TLS. It does mean clients without support for TLS are not supported by default though. Eventually, it is up to you deciding which kind of transportation encryption to use / enforce, and customize your instance accordingly, with the help of the project's documentation.
|
||||||
|
|
||||||
The [README](https://github.com/tomav/docker-mailserver) is the best starting point in configuring and running your mail server. You may then explore this wiki to cover additional topics, including but not limited to, security.
|
The [README](https://github.com/tomav/docker-mailserver) is the best starting point in configuring and running your mail server. You may then explore this wiki to cover additional topics, including but not limited to, security.
|
||||||
|
|
Loading…
Reference in a new issue