Re: TLS ENCR between 2 domains


krn Feb 7, 2012 8:34 PM
Posted in group: comp.mail.sendmail
Can SASL be used to secure mail connection between 2 different domains
or is it being used only to secure email communication between all
users of one domain who are local or mobile?

On Jan 30, 2:27 pm, krn <rashmeepa...@gmail.com> wrote:
> On Jan 23, 8:05 pm, Claus Aßmann <ca+sendmail(-no-copies-please)@mine.informatik.uni-kiel.de> wrote:
> > krn  wrote:
> > > I need to set up TLS between mail servers of a.com and b.com domain.
> > > b.com is the client.
> > > These are the directives that I will be adding in access.map file:
> > > TLS_Srv:b.com      ENCR:112
> > > TLS_Clt:b.com      ENCR:112
> > > TLS_Rcpt:b.com     ENCR:112
> > > Can I set the ENCR bits to 256 or more for stronger encryption?
>
> > 256. Check your logs and the output of
> > openssl ciphers -v
>
> > > Can I set the cipher that I want from the list that openssl supports
> > > instead of what server and client negotiate during TLS session
> > > negotiation?
>
> > Why? Isn't a cipher with 256 keylength for the symmetric encryption
> > strong enough?
>
> > BTW: see the source code, look for _FFR_TLS_1 and CipherList.
>
> > Anyway, you have to use VERIFY instead of ENCR if you actually
> > want to make sure your mail isn't read by someone else; see
> > the docs about the difference between the two.
>
> Hi,
>
> Thanks for the reply.
>
> I searched for _FFR_TLS_1 and Cipher and did not find it in the source
> code which means the sendmail running does not support _FFR_TLS_1
> feature.
>
> I did openssl ciphers -v and found many ciphers with max cipher
> strength of 256.
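
Added example, not part of the original thread or written by any of its participants: a small shell filter for the `openssl ciphers -v` check suggested above, listing which ciphers have a symmetric key length at or above a chosen bit count. The function names and the sample listing are constructed for illustration, and the example assumes the number in parentheses in the `Enc=` column is the key length to compare.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not sendmail or OpenSSL code).
# Reads `openssl ciphers -v` style output on stdin and prints
# "<cipher name> <bits>" for every cipher whose Enc= key length is >= $1.
ciphers_at_least() {
    awk -v min="$1" '
        {
            bits = 0
            for (i = 2; i <= NF; i++) {
                # Only the Enc= column counts; Kx=RSA(512) on export
                # ciphers is a key-exchange size and is ignored here.
                if ($i ~ /^Enc=/ && match($i, /\([0-9]+\)$/))
                    bits = substr($i, RSTART + 1, RLENGTH - 2) + 0
            }
            # Enc=None (NULL ciphers) leaves bits at 0 and never matches.
            if (bits >= min) print $1, bits
        }'
}

# Constructed sample in the layout `openssl ciphers -v` prints,
# so the filter can be tried without a local OpenSSL install.
sample_listing() {
    cat <<'EOF'
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5 export
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
EOF
}

# Against the sample: which ciphers reach 256 bits?
sample_listing | ciphers_at_least 256

# Against the local OpenSSL build (uncomment to use):
# openssl ciphers -v | ciphers_at_least 256
```

The negotiated cipher and its bit count for a real session still have to be confirmed in the mail logs, as the reply above says; this only shows what the local OpenSSL build is able to offer.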