Archive for the ‘E-Mail’ Category

The Ten Commandments of E-Mail Security

by Jason Stewart
It’s 2016, and e-mail still poses a lot of security problems.

ISP Quietly Kills E-Mail Security

by Jason Stewart
To encrypt the transmission of e-mail from our e-mail clients (Outlook, Thunderbird, Windows Mail, iMail, iPhone Mail, Android Mail, etc.) to our e-mail servers, many of us (whether we know it or not) are using STARTTLS. STARTTLS is a way for clear text communication protocols to “upgrade” to a secured connection.  If client and server […]

SSL/TLS Security Theater

by Jason Stewart
Thanks to the recent NSA/Snowden allegations, all of the major websites have been sending every picture, post, and tweet over “secure” HTTP (HTTP/S).  This particular usage of HTTP/S is FAANG moat-making, and security theater. HTTP/S only secures a connection between two endpoints.  An endpoint would be a device (like your phone or desktop) or a […]

SSL/TLS for Postfix, Apache, and Dovecot

by Jason Stewart
Step 1: Create the Certificate Signing Request (CSR) openssl req -nodes -newkey rsa:2048 -keyout -out It will ask the following questions. Answer all of them except for the last two (challenge password and optional company name). If you do set a challenge password, each program which uses the certificate will also need to […]

Deprecated: str_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated in /var/www/ on line 14