Dangers of using e-mail, and having port 25 open

I recently met a highly skilled guy, and he told me about the dangers of using e-mail and having port 25 open, that all messages are in plain text and so on. I don’t quite understand the dangers of it, or how vulnerable a YunoHost server self-hosted at home or in an office can be. So I have a few questions, considering a default install and a Thunderbird client with the default IMAP configuration, at the office or at home:
Are all e-mail messages vulnerable to being read?
Are the users on the YunoHost server vulnerable somehow, or their passwords, if they use e-mail with the default settings (Postfix)?
Does TLS encryption protect e-mail messages enough? What are the benefits of TLS 1.3 only? I tried 1.3 and was not receiving some e-mails.

It is true* that the content of your emails is transmitted in plaintext from server to server, but this is the case no matter whether you host your own emails with YunoHost or use a big provider like Gmail.

However, the client-to-server connection (including the IMAP and SMTP passwords) is encrypted, both when sending emails and when checking your inbox for incoming mails.

Any network service you run will contain bugs and can potentially be vulnerable to hacking. Email servers are no exception. That risk is inherent to self-hosting, whether email, website, or whatever. To reduce the risk, make sure that you have auto-updates enabled so that any known security holes get patched.

* Opportunistic TLS encryption for emails server-to-server does exist, but until it is universally applied and enforced, you can’t rely on it.
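
An added example, not part of the posts above: one way to see how opportunistic server-to-server TLS plays out for your own mail is to read the `Received:` headers of messages you have received and list, per hop, whether a TLS version was recorded. It assumes the receiving Postfix has `smtpd_tls_received_header = yes` set (not confirmed for a default YunoHost install); the sample message, host names and the helper names `hop_report` and `tls_versions` are constructed for illustration.

```python
import email
import re
from collections import Counter

# Constructed sample message (not real traffic). The "(using TLS...)" comment is
# what Postfix records when smtpd_tls_received_header = yes; that setting being
# enabled on the receiving server is an assumption of this example.
SAMPLE = """\
Received: from mx.sender.example (mx.sender.example [203.0.113.10])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby mail.home.example (Postfix) with ESMTPS id 4F1A2B3C
\tfor <me@home.example>; Mon, 01 Jan 2024 10:00:02 +0000 (UTC)
Received: from app01.sender.example (app01.sender.example [198.51.100.7])
\tby mx.sender.example (Postfix) with ESMTP id 9D8E7F6A
\tfor <me@home.example>; Mon, 01 Jan 2024 10:00:01 +0000 (UTC)
From: someone@sender.example
Subject: constructed sample

body
"""

TLS_RE = re.compile(r"\(using (TLSv[\d.]+|SSLv\d) with cipher (\S+)")
FROM_RE = re.compile(r"^from\s+(\S+)")
BY_RE = re.compile(r"\bby\s+(\S+)")

def hop_report(raw_message):
    """Return one dict per Received header, newest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        tls, sender, receiver = (r.search(flat) for r in (TLS_RE, FROM_RE, BY_RE))
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "tls": tls.group(1) if tls else None,  # None: no TLS recorded for this hop
            "cipher": tls.group(2) if tls else None,
        })
    return hops

def tls_versions(hops):
    """Count hops per recorded TLS version; hops without one are grouped together."""
    return Counter(h["tls"] or "plaintext/unknown" for h in hops)

if __name__ == "__main__":
    report = hop_report(SAMPLE)
    print(report)
    print(dict(tls_versions(report)))
```

Only the topmost header, written by your own server, is trustworthy; earlier hops are whatever the upstream servers chose to record. Run over a mailbox, the version counts also show which senders would be affected by a TLS 1.3-only setting.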