Monthly Archives: December 2015

Securing email to Gmail

I’ve been working on securing my postfix configuration to enforce certificate validation and encryption on some known, higher-volume, or more sensitive connections between SMTP servers (port 25).

On many of the connections I’ve set up for secure transport there have been no problems (assuming proper TLS certificates are used). Unfortunately Gmail™ has been a problem. Sometimes it verifies and validates the certificate and other times it doesn’t… for days.

After conferring with Google Security I believe I’ve come up with a solution.  In my tls_policy file I’ve added the following:

gmail.com       secure match=.google.com:google.com ciphers=high protocols=TLSv1.2

So far this is working but I’ll continue to test.

If you run your own SMTP server and wish to maintain a secure connection with Gmail, this is an easy way to enforce encryption as well as validate the certificate. Of course this doesn’t protect the message while it’s being stored on the server or workstation (or on Google’s internal network). To protect messages at rest (on a server) one should use GPG or S/MIME. Combining TLS between servers with GPG or S/MIME is beneficial for protecting messages going over the Internet.
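One way to check from the mail log whether sessions to Google's MX hosts are really being verified under this policy, since verification was intermittent. This is an added example, not part of the original post: it assumes smtp_tls_loglevel is 1 or higher so Postfix logs its "TLS connection established" lines, the function names are hypothetical, and the log lines are constructed.

```python
import re

# Line the Postfix smtp(8) client logs when smtp_tls_loglevel is 1 or higher.
TLS_LINE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<status>Verified|Trusted|Untrusted|Anonymous) "
    r"TLS connection established to (?P<host>[^\[\s]+)\[[^\]]+\]:\d+: "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+)"
)

def name_matches(host, patterns):
    """Dot-prefix rule used by match=: '.google.com' covers subdomains only,
    'google.com' covers that exact name. Applied here to the logged MX host
    to select lines; Postfix applies it to the names in the certificate."""
    host = host.lower().rstrip(".")
    for pat in patterns.lower().split(":"):
        if (pat.startswith(".") and host.endswith(pat)) or host == pat:
            return True
    return False

def audit(log_lines, patterns=".google.com:google.com", protocol="TLSv1.2"):
    """Split covered TLS sessions into (ok, problems) lists."""
    ok, problems = [], []
    for line in log_lines:
        m = TLS_LINE.search(line)
        if not m or not name_matches(m["host"], patterns):
            continue
        entry = (m["host"], m["status"], m["proto"])
        # Only "Verified" means the chain was trusted AND the name matched.
        good = m["status"] == "Verified" and m["proto"] == protocol
        (ok if good else problems).append(entry)
    return ok, problems

# Constructed sample lines (documentation IP addresses, not real traffic).
SAMPLE = [
    "Dec  3 10:01:02 mx postfix/smtp[2101]: Verified TLS connection established "
    "to gmail-smtp-in.l.google.com[192.0.2.10]:25: TLSv1.2 with cipher "
    "ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)",
    "Dec  4 11:15:40 mx postfix/smtp[2188]: Trusted TLS connection established "
    "to alt1.gmail-smtp-in.l.google.com[192.0.2.11]:25: TLSv1.2 with cipher "
    "ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)",
    "Dec  4 11:20:05 mx postfix/smtp[2190]: Untrusted TLS connection established "
    "to mx.example.net[198.51.100.7]:25: TLSv1.2 with cipher "
    "ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)",
]

if __name__ == "__main__":
    ok, problems = audit(SAMPLE)
    print(f"{len(ok)} verified, problems: {problems}")
```

A "Trusted" line for a covered host means the certificate chain validated but the name check did not pass, which is the case to watch for when verification comes and goes.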

Update

This configuration is applicable with the OpenSSL version shipped with CentOS 6/RHEL 6. Implementing this on CentOS 7/RHEL 7 or another flavor of Linux may require a different/better configuration.
The policy has been updated for CentOS 7/RHEL 7, which supports TLSv1.2 on Postfix. Other services can also be set up similarly:

google.com    secure ciphers=high protocols=TLSv1.2
comcast.net    secure ciphers=high protocols=TLSv1.2
verizon.net    secure ciphers=high protocols=TLSv1.2
hotmail.com    secure ciphers=high protocols=TLSv1.2

38,000 Miles per Watt endorsement

Earlier today I made contact with Bert, F6HKA, at a distance of 3,845 miles. We first made contact on 15 meters using 5 watts. The band conditions were so good that I hooked up the K1 and we made contact on 17 meters. That 17m contact was made with my side running only 100 mW which equates to 38,450 miles per watt. This is the kind of contact I was hoping to log running milliwatts. I always enjoy talking to Bert and am happy that he was able to hear my QRPp signal. As long as the daytime bands keep being quiet perhaps I’ll be able to best my current record. I’ll keep trying.

1,000+ MPW award… finally!

A few months ago I reported that I had achieved the 1,000 miles per watt SKCC award only later to find out that my radio was putting out 7 watts instead of the 0.1 watts I thought it was putting out. After sending the radio off for repair (there were a few other issues that cropped up) I now have a working radio that has been fully calibrated. One of my first contacts was with K2PAY in New York. I was able to work him with my 100 mW and put him in the log at a distance of 240 miles and 2402 miles per watt!

I’m happy to have the award with the 2,000 miles per watt endorsement.