TLS v1.1 is labeled insecure, TLS v1.2 is current, TLS v1.3 is about to become current.

the (e)mail system from 1972 (slightly modified) is still the #1 communication channel, if one believes one’s surveys.

The current approved version of TLS is version 1.3, which is specified in:

  • RFC 8446: „The Transport Layer Security (TLS) Protocol Version 1.3“.

The current standard replaces these former versions, which are now considered obsolete:

  • RFC 2246: „The TLS Protocol Version 1.0“.
  • RFC 4346: „The Transport Layer Security (TLS) Protocol Version 1.1“.
  • RFC 5246: „The Transport Layer Security (TLS) Protocol Version 1.2“.

gentlemen, prepare your keys:

# via perl
perl -MMIME::Base64 -e 'print encode_base64("\000username\@domain.com\000password")'
# via bash
echo -ne '\0username@domain.com\0password' | base64

now let’s connect:

# start TSL connection
openssl s_client -connect smtp.hostname-of-mail-server.com:25 -starttls smtp
CONNECTED(00000003)
...
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2476 bytes and written 335 bytes
Verification error: self signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1567373167
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
    Extended master secret: no
---
250 HELP
EHLO there
250-hostname-of-mail-server.com Hello there [your.ip.123.123]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-CHUNKING
250 HELP
AUTH PLAIN
8903uldflkdz839ziufhdlhz3987r8zfidhfkjdhfkd==
334 
235 Authentication succeeded
mail from: username@domain.com
250 OK
rcpt to: username@domain.com
data
subject: TestSubject
250 Accepted
354 Enter message, ending with "." on a line by itself

one can now enter a message like this:

Hello this is a telnet delivered test mail over a TSL encrypted connection - GoodDay Mate!

or test if spam and virus detectionis working:

===== SPAM-(SpamAssassin)Test: =====
To test the spam detection, we need to trigger an email that is detected as
spam. This can be done by sending an email with the following in the mail content.
(in upper case and with no white spaces and line breaks):

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

===== VIRUS-(ClamAV)Test: =====

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

to end it type a dot and hit enter:

.

50 OK id=1i3KPf-0002JW-0h

quit
221 hostname-of-mail-server.com closing connection
closed

Links:

https://en.wikipedia.org/wiki/Transport_Layer_Security

https://en.wikipedia.org/wiki/Comparison_of_TLS_Implementations

https://blog.tinned-software.net/setup-amavisd-new-with-spamassassin-and-clamav-with-postfix/

admin