From 8bdaef68903540abcee81e89f4f27441f0f696b2 Mon Sep 17 00:00:00 2001 From: Jean-Denis Vauguet Date: Wed, 10 Jun 2020 01:07:10 +0200 Subject: [PATCH] Updated A mail server's 101 (markdown) --- docs/content/a-mail-server's-101.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/content/a-mail-server's-101.md b/docs/content/a-mail-server's-101.md index 10e9b696..3a4d702f 100644 --- a/docs/content/a-mail-server's-101.md +++ b/docs/content/a-mail-server's-101.md @@ -76,8 +76,8 @@ When talking about emails, the following applies: ## How does docker-mailserver help with setting everything up? -As a _batteries included_ Docker image, docker-mailserver provides you with all the required components and a default configuration to run a mail server. On top of that, the [env-mailserver](https://github.com/tomav/docker-mailserver/blob/master/env-mailserver.dist) configuration file (and some other optional, advanced files!) allow you to tweak your setup extensively. You may even derive your own image from docker-mailserver for a complete control. +As a _batteries included_ Docker image, docker-mailserver provides you with all the required components and a default configuration to run a mail server. On top of that, the [env-mailserver](https://github.com/tomav/docker-mailserver/blob/master/env-mailserver.dist) configuration file (and some other optional, advanced files!) allow you to tweak your setup extensively. You may even derive your own image from docker-mailserver for a complete control! -The default configuration may _not_ be considered 100% secure as it enforces opportunistic connections using STARTTLS. The reason is because the project aims at supporting, by default, all kinds of clients including older ones not able to use enforced TLS-encrypted connections. It is up to you deciding which kind of transportation encryption to use / enforce, and set up your instance accordingly. +When it comes to security, one may consider docker-mailserver's default configuration to _not_ be 100% secure, as it uses _opportunistic_ connections using STARTTLS instead of _enforcing_ TLS-encrypted connection (SMTPS, IMAPS). That choice has been consciously made for the project aims at supporting, _by default and without custom configuration required_, all kinds of clients, including ones not able (== not configured) to use enforced/implicit TLS-encrypted connections. Please note though that _no plain text exchange will occur_ in case a client denies a STARTTLS offer, for docker-mailserver is using a [strict offer](http://www.postfix.org/postconf.5.html#smtpd_tls_security_level) by default :relieved: It is up to you deciding which kind of transportation encryption to use / enforce, and set up your instance accordingly. The [README](https://github.com/tomav/docker-mailserver) is the best starting point in configuring and running your mail server. You may then explore this wiki to cover additional topics, including but not limited to, security.