What Is SMTPS

This section provides a quick introduction to SMTPS (Simple Mail Transfer Protocol Secure) for message transmission. A sample SMTPS session of submitting an email message using the 'openssl s_client' command is included.

What Is SMTPS? - SMTPS (Simple Mail Transfer Protocol Secure) is a method to secure an SMTP communication by wrapping it in an SSL (Secure Socket Layer) or TLS (Transport Layer Security) connection.

Running an SMTPS communication requires the email message agents on both sides of the communication to meet server authentication requirements defined by the PKI (Public Key Infrastructure) standard:

By default, an MSA listens on port 465 for SMTPS connection requests. Here is a sample session of submitting an email message with SMTPS using "openssl s_client" as the MUA. The receiving MSA is a Postfix server.

herong$ openssl s_client -connect 127.0.0.1:465

  CONNECTED(00000003)
  depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, ...
  verify error:num=18:self signed certificate
  verify return:1
  Server certificate
  -----BEGIN CERTIFICATE-----
  MIIGGjCCBAKgAwIBAgICEAQwDQYJETAPBgNVBAoMCFRhcmdldFJ4MQswCQYDVQQL
  ...
  -----END CERTIFICATE-----
  ...
  SSL handshake has read 2589 bytes and written 441 bytes
  ---
  New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
  Server public key is 4096 bit
  Secure Renegotiation IS supported
  Compression: NONE
  Expansion: NONE
  SSL-Session:
      Protocol  : TLSv1.2
      Cipher    : ECDHE-RSA-AES256-GCM-SHA384
      Session-ID: F3A1B3CF00795C0F55ED00CBF3F3FB8A3D37B71C9A7CC877E9EB...
      Session-ID-ctx:
      Master-Key: 4ECD153D2688864C9D24FC2720E7E0A05F64EA0FB1FCD15F4501...
      Key-Arg   : None
      Krb5 Principal: None
      PSK identity: None
      PSK identity hint: None
      TLS session ticket lifetime hint: 7200 (seconds)
      ...

  220 mail.herongyang.com ESMTP Postfix

ehlo 127.0.0.1
  250-mail.herongyang.com
  ...
  250 SMTPUTF8
mail from: herong
  250 2.1.0 Ok
rcpt to: herong
  250 2.1.5 Ok
data
  354 End data with <CR><LF>.<CR><LF>
Hello encrypted world!
.
  250 2.0.0 Ok: queued as D86E9266002D
quit
  221 2.0.0 Bye
  Connection closed by foreign host.

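Note that "openssl s_client" actually failed to validate the server certificate. It reported "verify error:num=18:self signed certificate" before the "verify return:1" message, because I did not tell "openssl" to trust the self-signed server certificate. The session continued anyway, since "openssl s_client" does not abort on a verification error by default.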
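The verification failure above is easy to miss in a long transcript. The following script is an added example, not part of the original tutorial: it scans "openssl s_client" output for "verify error" lines and reports whether the SMTPS session was authenticated. The function names, the sample transcripts and the file name server-cert.pem are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify an "openssl s_client" transcript read from stdin.
# Returns 0 only when no "verify error" line appears and a 220 greeting was seen.
audit_smtps_transcript() {
    awk '
        /verify error:num=/ {            # e.g. verify error:num=18:self signed certificate
            sub(/^.*verify error:num=/, "")
            errs = errs (errs ? "," : "") $0
            next
        }
        /^[ \t]*Protocol[ \t]*:/ { proto = $NF }
        /^[ \t]*Cipher[ \t]*:/   { cipher = $NF }
        /^[ \t]*220 /            { greeted = 1 }
        END {
            status = (errs == "" && greeted) ? "VERIFIED" : "UNVERIFIED"
            printf "%s proto=%s cipher=%s errors=%s\n", status, proto, cipher, (errs ? errs : "none")
            exit (status == "VERIFIED" ? 0 : 1)
        }'
}

# Constructed sample: excerpt of the session shown on this page (self-signed, untrusted).
sample_self_signed() {
    cat <<'EOF'
  depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, ...
  verify error:num=18:self signed certificate
  verify return:1
      Protocol  : TLSv1.2
      Cipher    : ECDHE-RSA-AES256-GCM-SHA384
  220 mail.herongyang.com ESMTP Postfix
EOF
}

# Constructed sample: the same excerpt as it would look once the certificate is trusted.
sample_trusted() {
    sample_self_signed | grep -v 'verify error'
}

# Demo on the constructed samples.
sample_self_signed | audit_smtps_transcript || echo "-> server identity was not verified"
sample_trusted     | audit_smtps_transcript

# Live use (assumption: server-cert.pem holds the server certificate you chose to trust):
#   (sleep 2; printf 'quit\r\n') | openssl s_client -connect 127.0.0.1:465 \
#       -CAfile server-cert.pem -verify_return_error 2>&1 | audit_smtps_transcript
```

With -verify_return_error, "openssl s_client" aborts the handshake on a verification error instead of continuing, so an untrusted server never receives the message.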

The SMTPS method can also support client authentication to ensure that only authorized clients can connect to the server.
