我的服务器是否使用 SSL 加密来发送电子邮件?

我的服务器是否使用 SSL 加密来发送电子邮件?

我已经使用 部署了一个小型邮件服务器sendmail。我认为代理已正确配置为接受带加密和不带加密的传送请求。这是因为,通过以下 telnet 会话:

usr@host:~$ nc -Cw 60 localhost 25
220 mail.mydomain.com ESMTP Sendmail 8.15.2/8.15.2/Debian-14~deb10u1; Tue, 8 Dec 2020 19:24:30 GMT; (No UCE/UBE) logging access from: localhost(OK)-localhost [127.0.0.1]
EHLO localhost
250-mail.mydomain.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
MAIL FROM: [email protected]
250 2.1.0 [email protected]... Sender ok
RCPT TO: [email protected]
250 2.1.5 [email protected]... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
From: [email protected]
To: [email protected]
Subject: Sendmail test

This is a test mail delivered with Sendmail.
.
250 2.0.0 0B8JOUMo005314 Message accepted for delivery
QUIT
221 2.0.0 mail.mydomain.com closing connection

..和Python代码片段:

def send_mail_ssl(subject, text, receiver, sender):
  body = _BODY_PATTERN.format(sender=sender,
                              receiver=receiver,
                              subject=subject,
                              text=text)
  context = ssl.create_default_context()
  with smtplib.SMTP_SSL('mail.mydomain.com', 465, context=context) as server:
    server.sendmail(sender, receiver, body)

def send_mail_tls(subject, text, receiver, sender):
  body = _BODY_PATTERN.format(sender=sender,
                              receiver=receiver,
                              subject=subject,
                              text=text)
  context = ssl.create_default_context()
  try:
    server = smtplib.SMTP('mail.mydomain.com', 25)
    server.ehlo()
    server.starttls(context=context)
    server.ehlo()
    server.sendmail(sender, receiver, body)
  except Exception as e:
    print(e)
  finally:
    server.quit()

...电子邮件发送成功。但是,我不确定是否与目标 SMTP 节点建立了加密会话以传递电子邮件。我怎样才能检查这个?

12/09 更新 由于评论中提到了它们,我将在此处添加我的测试电子邮件中包含的一些标头:

Received: from AM6EUR05HT200.eop-eur05.prod.protection.outlook.com
 (2603:10a6:3:e3::27) by HE1PR06MB3930.eurprd06.prod.outlook.com with HTTPS
 via HE1PR0502CA0017.EURPRD05.PROD.OUTLOOK.COM; Tue, 8 Dec 2020 17:43:15 +0000
Received: from AM6EUR05FT016.eop-eur05.prod.protection.outlook.com
 (2a01:111:e400:fc11::49) by
 AM6EUR05HT200.eop-eur05.prod.protection.outlook.com (2a01:111:e400:fc11::294)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.17; Tue, 8 Dec
 2020 17:43:14 +0000
Authentication-Results: spf=pass (sender IP is MYSERVERIP)
 smtp.mailfrom=mail.mydomain.com; live.it; dkim=none (message not signed)
 header.d=none;live.it; dmarc=bestguesspass action=none
 header.from=mail.mydomain.com;compauth=pass reason=109
Received-SPF: Pass (protection.outlook.com: domain of mail.mydomain.com
 designates MYSERVERIP as permitted sender)
 receiver=protection.outlook.com; client-ip=MYSERVERIP;
 helo=mail.mydomain.com;
Received: from mail.mydomain.com (MYSERVERIP) by
 AM6EUR05FT016.mail.protection.outlook.com (10.233.240.243) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.3632.17 via Frontend Transport; Tue, 8 Dec 2020 17:43:14 +0000
X-IncomingTopHeaderMarker:
 OriginalChecksum:A8C3955649979800BCCE5770882A4FE8994D8B0B90393756BB8AD24255EBB904;UpperCasedChecksum:DC234C8D58F32E07B6AFB42D6ABE9D17CF745F6968D869D01974CBC93315655A;SizeAsReceived:484;Count:6
Received: from mail.mydomain.com (mail.mydomain.com [MYSERVERIP])
    by mail.mydomain.com (8.15.2/8.15.2/Debian-14~deb10u1) with ESMTPS id 0B8HhDPU003097
    (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT)
    for <[email protected]>; Tue, 8 Dec 2020 17:43:14 GMT
[...]

答案1

  1. 第一次尝试 - 使用 telnet 会话使用经典连接到 SMTP 端口 tcp/25。这没问题,而且是标准的。您可以使用它,并且在 EHLO 之后您可以使用 STARTTLS 切换到加密会话。但是你的 Python 配置为使用基于 SSL 的 SMTP,即所谓的 SMTPS,前段时间尝试过,后来大多放弃了。它使用 tcp/465,并且从一开始就被加密。有一些缺点。

  2. 所以,是的,您的 Python 在向提交服务器发送电子邮件时使用了某种加密。但它与将电子邮件从提交服务器传输到最终目标服务器(直接或通过另一个中继)没有任何关系。它由所涉及的服务器及其算法列表、设置首选项等协商。据我所知,SMTP MTA 之间没有强制加密的标准。

相关内容