Hi! Sorry for posting in English, my Danish sucks and although I speak Swedish I thought it would be better to keep this thread in English.
First off, thank you for a very good service! I use both the DNS and MX backup services for my two domains.
As some of you might already be aware, the Swedish government has recently introduced a new law giving clearance for the FRA (sort of like NSA) to begin wiretapping all cable communication to and from Sweden (the impossibility to distinguish that from domestic communication is beside the point here). For those of you who don't know what I'm talking about, take a look at
http://en.wikipedia.org/wiki/FRA_law.
To remedy this brutal invasion of privacy, many Swedes, including me, are moving towards encrypting as much of their Internet traffic as possible. This is where gratisdns.dk comes in. My own mail server is configured to use the STARTTLS command to set up a secure channel when receiving and/or sending mail, if possible. However, parismailgw.gratisdns.dk is not, so if my mail server does not respond, the mail will be sent in plain text first to the backup server and then again to my server when it is up and running again. I would very much like the backup server to use STARTTLS just like my server does, especially since crossing the border is a given when the service is used. The server doesn't have to have an expensive certificate (although I suspect the affiliation with digitaltcertifikat.dk might make it cheaper); a self-signed certificate is still better than nothing since the traffic will be encrypted and thus hidden from prying eyes.
To set up Postfix for this you need the following in main.cf, and the two files containing the private key and the certificate (the location may vary depending on what distribution is used):
-----
# Settings for receiving encrypted mail
# Only allow SMTP AUTH after STARTTLS has been negotiated
smtpd_tls_auth_only = yes
# Announce STARTTLS to connecting clients (opportunistic TLS)
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.key
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.crt
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# Ask for a client certificate, but do not require one
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert = no
# Settings for sending encrypted mail
# Use TLS when the receiving server offers STARTTLS, otherwise fall back to plain text
smtp_tls_security_level = may
smtp_tls_key_file = /etc/ssl/postfix/smtpd.key
smtp_tls_cert_file = /etc/ssl/postfix/smtpd.crt
smtp_tls_note_starttls_offer = yes
-----
That's it. After that, the server will use STARTTLS if available when sending backed up mail, and give the option for clients to use it when receiving mail for backup. I guess it would make a lot of sense to use this for other mail services as well, but I have no knowledge of what might already be provided. You can of course also make this a recommendation to your users with their own servers, so that the feature is used to its fullest potential.
I hope you seriously consider this feature as it would mean a lot to me and many others. I will be sure to keep recommending gratisdns.dk and especially point out the fact that encryption is used if the feature is implemented.
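Added example, not part of the original post: a small check for the gap described above, where one MX for a domain offers STARTTLS and the backup MX does not. The host names, MX preferences and EHLO replies are constructed samples, and the function names are hypothetical; `probe()` shows the same check against a live server using Python's standard `smtplib`.

```python
import smtplib

def starttls_advertised(ehlo_reply: str) -> bool:
    """True if a raw multi-line EHLO reply lists the STARTTLS keyword."""
    lines = [l.strip() for l in ehlo_reply.splitlines() if l.strip()]
    # The first 250 line is the server's greeting, not an extension keyword.
    for line in lines[1:]:
        if line[:3] != "250" or len(line) < 5:
            continue
        words = line[4:].split()
        if words and words[0].upper() == "STARTTLS":
            return True
    return False

def plaintext_hops(mx_records):
    """Take (preference, host, ehlo_reply) tuples and return, in delivery
    order, the MX hosts that accept mail without offering STARTTLS."""
    return [host for _pref, host, reply in sorted(mx_records)
            if not starttls_advertised(reply)]

def probe(host, port=25, timeout=10):
    """Live version of the check; not called by the sample run below."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        return s.has_extn("starttls")

# Constructed sample replies: a primary MX with STARTTLS, a backup MX without.
PRIMARY = ("250-mail.example.org\r\n250-PIPELINING\r\n"
           "250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME\r\n")
BACKUP = ("250-backup-mx.example.net\r\n250-PIPELINING\r\n"
          "250-SIZE 10240000\r\n250 8BITMIME\r\n")
SAMPLE_MX = [(20, "backup-mx.example.net", BACKUP),
             (10, "mail.example.org", PRIMARY)]

if __name__ == "__main__":
    for host in plaintext_hops(SAMPLE_MX):
        print(f"{host}: no STARTTLS offered, mail queued here crosses the wire in plain text")
```

With `smtp_tls_security_level = may` on the sending side, any host this reports is one where delivery silently falls back to plain text.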