From 1027ec309e2f16c1d52ecbc41f26344b802f1a63 Mon Sep 17 00:00:00 2001 From: Jean-Denis Vauguet Date: Wed, 10 Jun 2020 02:54:51 +0200 Subject: [PATCH] Updated A mail server's 101 (markdown) --- docs/content/a-mail-server's-101.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/a-mail-server's-101.md b/docs/content/a-mail-server's-101.md index 5c871ff3..ce55edaa 100644 --- a/docs/content/a-mail-server's-101.md +++ b/docs/content/a-mail-server's-101.md 
@@ -80,6 +80,6 @@ As a _batteries included_ Docker image, docker-mailserver provides you with all When it comes to security, one may consider docker-mailserver's default configuration to _not_ be 100% secure, as it uses _opportunistic_ connections using STARTTLS instead of _enforcing_ TLS-encrypted connection (SMTPS, IMAPS). That choice has been consciously made for the project aims at supporting, _by default and without custom configuration required_, all kinds of clients, including ones not able (== not configured) to use enforced/implicit TLS-encrypted connections, but still capable of handling opportunistic TLS. Please note though that _no plain text exchange will occur_ in case a client denies a STARTTLS offer, for docker-mailserver is using a [strict offer](http://www.postfix.org/postconf.5.html#smtpd_tls_security_level) (`encrypt`) by default and will drop the client unencrypted request :relieved: -We believe docker-mailserver's default configuration (enforcing TLS, either opportunistic or implicit) to be a good middle ground: it goes beyond [RFC 2487](https://tools.ietf.org/html/rfc2487) "old" (1999) recommandation and abides by the "newest" (2018) [RFC 8314](https://tools.ietf.org/html/rfc8314). It means clients without support for TLS are not supported by default. Eventually it is up to you deciding which kind of transportation encryption to use / enforce, and set up your instance accordingly. +We believe docker-mailserver's default configuration (enforcing TLS, either opportunistic or implicit) to be a good middle ground: it goes beyond [RFC 2487](https://tools.ietf.org/html/rfc2487) "old" (1999) recommandation and abides by the "newest" (2018) [RFC 8314](https://tools.ietf.org/html/rfc8314), under the assumption that most MUA (clients) nowadays support TLS. It does mean clients without support for TLS are not supported by default though. 
Eventually, it is up to you deciding which kind of transportation encryption to use / enforce, and customize your instance accordingly, with the help of the project's documentation. The [README](https://github.com/tomav/docker-mailserver) is the best starting point in configuring and running your mail server. You may then explore this wiki to cover additional topics, including but not limited to, security.
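
Review bot: In the added "We believe ..." paragraph, the phrase "enforcing TLS, either opportunistic or implicit" conflicts with the context paragraph above it, which describes the default as STARTTLS with the strict `encrypt` level of `smtpd_tls_security_level`, where a client that declines STARTTLS is dropped. TLS that the server insists on is mandatory rather than opportunistic, so wording such as "enforcing TLS, either explicit (STARTTLS) or implicit" would keep readers from assuming that a plaintext fallback exists. The same added sentence carries over the misspelling "recommandation" from the removed line, and "most MUA (clients)" should read "most MUAs (clients)".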