Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Add TLS/STARTTLS support

See original GitHub issue

Hi, first of all: Thanks for this incredible service. I really love it! ❤️

Unfortunately, I noticed that the main instance, (thanks for hosting) does not support STARTTLS, which is a no-go IMO. The used smtp-server library has support for it, but you disable it.

Enabling support seems to be relatively easy: First, do not disable the STARTTLS command. Second, set up key, cert and eventually ca parameters to point to the certificate you already have for HTTPS.

Congrats, you have enabled encryption! 🎊

Additionally, if you are already at it, check recommendations from

  • Add a DANE record pinning the Let’s Encrypt CA certificates. Pinning the two CA certificates makes the TLSA records safe for the next decades. You just have to stick to Let’s Encrypt. They should be:
    # ISRG Root X1	10800	IN	TLSA	2 1 1 0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
    # ISRG Root X2	10800	IN	TLSA	2 1 1 762195c225586ee6c0237456e2107dc54f1efc21f61a792ebd515913cce68332
    You already have the required DNSSEC on the domain. You can use this test page if you have deployed it.
  • Add IPv6 support to the mail server. It’s 2022, IPv6 should be supported by default. And as you only receive mails, you should not fear deliverability problems.
  • Avoid misuse of your domain for spam. Also see this Cloudflare article.
    • Add a SPF record. If you never send email from your domain, just set	10800	IN	TXT	"v=spf1 -all"
      Alternatively v=spf1 mx -all to allow the mail server to send mail.
    • Eventually add a null DKIM record as described by the Cloudflare article. Cloudflare wants to set the wildcard record *, check if your DNS provider supports wildcard records.
    • Add a DMARC record rejecting mail for failing SPF/DKIM checks	10800	IN	TXT	"v=DMARC1; p=reject;"

You can also consult for great email server reports.

Issue Analytics

  • State:open
  • Created a year ago
  • Comments:5 (2 by maintainers)

github_iconTop GitHub Comments

leafaccommented, Sep 25, 2022

Fair enough. Thanks for investigating. I’ll update some things about Kill the Newsletter! in the near future and include the STARTTLS in the process.

Mynacolcommented, Oct 13, 2022

Just a quick reminder from my side

Read more comments on GitHub >

github_iconTop Results From Across the Web

SSL, TLS, and STARTTLS - Fastmail Help
This is an informational page about the history of SSL, TLS, and STARTTLS and the differences between these protocols. If you are looking...
Read more >
Enable Transport Layer Security (TLS) 1.2 overview
Overview of how to enable TLS 1.2 for Configuration Manager.
Read more >
Guide to setting up STARTTLS support - Hexamail
This is a guide to setting up STARTTLS support on your server ... Follow their instructions to purchase and install the certificate on...
Read more >
What Are SSL, TLS, & STARTTLS Email Encryption? - SparkPost
SparkPost's incoming API calls use HTTPS (the secure version of HTTP) and are SSL/TLS encrypted. If you choose to enable Encryption: STARTTLS, then...
Read more >
STARTTLS vs SSL vs TLS Explained in 5 Minutes | Mailtrap Blog
with Opportunistic SSL/TLS (aka Explicit SSL/TLS), a client will run a STARTTLS command to upgrade a connection to an encrypted one. If a...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found