Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add TLS support for Receiving Emails #979

Open
JohannesFleischer opened this issue Mar 26, 2024 · 3 comments
Open

Add TLS support for Receiving Emails #979

JohannesFleischer opened this issue Mar 26, 2024 · 3 comments

Comments

@JohannesFleischer
Copy link

I have set up a self-hosted Healthchecks instance and noticed that when pinging the server via smtp, it is only possible to send unencrypted emails because TLS is not supported.

This allows an attacker to perform a replay attack, making it look like a service is still running when it is not.

This is why I would love to see TLS support for this feature.
@aque
Copy link

aque commented Mar 30, 2024

I suggest not exposing smtpd directly and use postfix or similar as a frontend. Aside from TLS, you can use their features to secure the smtp service like HELO restrctions and DKIM checking. I have my smtpd service listening on localhost:2525 and setup a postfix transport file with healthchecks.domain.tld smtp:[127.0.0.1]:2525.

@JPaulMora
Copy link
Contributor

Would it be a good idea to make smtp listen on localhost only by default?

@aque
Copy link

aque commented Apr 10, 2024

You can do that by adding --host localhost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@aque @JPaulMora @JohannesFleischer