TLS forwarding to the End User

Hello, I am new to this forum and it is a pleasure to be here. I have been experimenting with Mail in a Box and I am thankful for your creation. It is such an honor to be here in an open forum where we can discuss academic issues without immediate bans for engaging in civil dialogue.

I am majoring in computer science and hoping to better understand how email systems work. I noticed a previous thread on encrypted emails and I was wondering from an academic perspective if it was possible to use a server to forward 100% of incoming TLS packets to an end user.

So it could in theory go:
Email Sender → VPS Server Forwarding 100% of the TLS packets to → End user’s Mail Server.

Is this possible with custom modification of a server, but an unknown random IMAP sender?

Hello @JSmithStudios.

There aren’t easy answers to questions like this because email is a collection of complex systems that work together, and in order to predict and explain a prediction about what might happen you are asking others to put in a lot of effort for you (much more than just answering basic questions for help). It’s also the case that this might not be the best place to ask since your question doesn’t relate to Mail-in-a-Box specifically.

We get a lot of questions of the form “is X possible?” and the answer is almost always “Anything is possible with enough effort.”

But I think your question is: Can a server forward emails to end users from incoming TLS connections without decrypting the incoming connection? And I think the answer is that if there is more than one end user, then no, because the server would not know from the encrypted stream which user to forward the packets to.

Josh

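To make the point in the reply above concrete, here is an added example (not part of the original thread and not Mail-in-a-Box code) of what a relay that never decrypts can read from the client-to-server byte stream. The captures are constructed, the hostnames and addresses are placeholders, and the example assumes SMTP with STARTTLS, where the envelope commands are sent only after the TLS handshake.

```python
import struct

# Constructed sample data: nothing below comes from a real mail session.
def tls_record(content_type: int, payload: bytes) -> bytes:
    """Frame payload as a TLS record: type(1) | version(2) | length(2) | body."""
    return struct.pack("!BHH", content_type, 0x0303, len(payload)) + payload

# Client-to-server bytes of a STARTTLS session as a pass-through relay sees them.
STARTTLS_CAPTURE = (
    b"EHLO sender.example\r\n"
    b"STARTTLS\r\n"
    + tls_record(0x16, b"\x01" + bytes(40))   # handshake (ClientHello stand-in)
    + tls_record(0x17, bytes(range(64)))      # encrypted: EHLO, MAIL FROM, RCPT TO
    + tls_record(0x17, bytes(range(200)))     # encrypted: DATA and the message
)
# The same envelope sent without TLS, for contrast.
PLAINTEXT_CAPTURE = (
    b"EHLO sender.example\r\nMAIL FROM:<bob@sender.example>\r\n"
    b"RCPT TO:<alice@example.org>\r\nDATA\r\n"
)
RECORD_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                0x16: "handshake", 0x17: "application_data"}

def relay_view(stream: bytes):
    """Return (plaintext_commands, tls_records) readable without any keys."""
    commands, records, pos, in_tls = [], [], 0, False
    # Phase 1: SMTP lines are readable up to and including STARTTLS.
    while not in_tls and pos < len(stream):
        end = stream.find(b"\r\n", pos)
        if end == -1:
            break
        line = stream[pos:end].decode("ascii", "replace")
        commands.append(line)
        pos = end + 2
        in_tls = line.strip().upper() == "STARTTLS"
    # Phase 2: only the 5-byte record header (type, version, length) is readable.
    while in_tls and pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[pos:pos + 5])
        records.append((RECORD_TYPES.get(ctype, "unknown"), length))
        pos += 5 + length
    return commands, records

def visible_recipients(stream: bytes):
    """Recipients the relay could route on: RCPT TO lines it can actually read."""
    commands, _ = relay_view(stream)
    return [c.split(":", 1)[1].strip() for c in commands
            if c.upper().startswith("RCPT TO:")]

if __name__ == "__main__":
    print(relay_view(STARTTLS_CAPTURE))
    print(visible_recipients(STARTTLS_CAPTURE), visible_recipients(PLAINTEXT_CAPTURE))
```

With the STARTTLS capture the relay is left with record types and lengths only, so it has nothing to choose a mailbox by; forwarding every connection to one fixed backend is the only routing decision it can make.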

Thanks for your reply. I am referring to forwarding to a single user.

In that case you could use PGP or S/MIME to encrypt your emails. Or don’t use email at all for that specific use case. You could for example set up an XMPP server. If both sides are using a client that supports OMEMO, it is very simple to send end-to-end encrypted messages to each other.

This is a good example of why these types of questions create a lot of work for other people to answer. I put in some effort to answer the question, and then it turns out the question didn’t have enough information in the first place for an answer to be helpful to you.

@JSmithStudios emailed me after this (please folks never do that, unless you are reporting a security vulnerability). Based on the email, I’m locking this thread as off topic.
