1
Can someone be receiveing all copies of my outgoing emails when I am using a web interface of an email server? Can the admin configure the email server to do so? If yes, will sending an email via the same SMTP server but using email application with an encrypted TLS connection help?
The email server in question is Roundcube.
Vic
Posted 2019-09-27T17:24:18.113
Reputation: 111
3
Yes, this is absolutely possible, doesn't change regardless of whether you're using a web-mail client or a conventional email client, and cannot be worked around at all.
Once the email is sent to the server, you literally lose all control of it. The server admin can have the system do whatever they want with it, including silently dropping it or completely rewriting the destination addresses.
This is one of the single biggest issues with using email for any type of data that is supposed to be kept secure, you have zero control over the transit path between your email client and the recipient's email client. This is compounded by the fact that there may be multiple email servers between your outgoing server and the recipient's incoming mail server, which means more places the email could be intercepted or modified.
Austin Hemmelgarn
Posted 2019-09-27T17:24:18.113
Reputation: 4 345
Thank you for the answer. I understand the risks that the SMTP server can silently drop messages or change the recipient, but my original issue is if (readable) copies of the messages can be send to someone else (on the same email server, for example) without me knowing. I thought the message gets encrypted on the client and only the final recipient server can decrypt it. – Vic – 2019-09-28T07:42:21.910
1Standard emails are not end-to-end encrypted - and indeed this limitation was, I believe the initial reason for PGP (which offers end-to-end encryption). If you think about it, practical end-to-end encryption is not possible without a preestablished trust relationship so there is no way to configure this in the SMTP protocol. Also, emails are typically stored on the server and retrieved using IMAP/POP or similar - entirely different protocols. – davidgo – 2019-09-28T08:40:09.783
1If absolutely can be worked around (but its not pleasant). PGP is 1 workaround. Protonmail is another. – davidgo – 2019-09-28T08:47:45.213
@davidgo Does it mean that when I configure a secure (e.g. StartTLS) connection on my client (say Thunderbird) to use an SMTP server (for example Gmail) this is only for the connetion between my client and the SMTP server? How is an email transmitted then? I assume that the SMTP server establishes a (hopefully secure) TCP connection with the recipient server and transmits the message. – Vic – 2019-09-28T09:30:54.577
2@Vic Yep, that's how it works. And unfortunately, there are a lot of mail servers out there that still don't properly set up secure connections to other mail servers for relaying. – Austin Hemmelgarn – 2019-09-28T13:51:21.060
@davidgo That technically doesn't work around it, it just makes it less useful for an attacker. Even with PGP/MIME, S/MIME or other encryption options, they can still redirect, delay, or drop the email, or modify the headers however they want (unless you're using DKIM and implemented it right, but that only protects the headers), and they can also still read the headers regardless (which is still potentially interesting to an attacker even without the context of the message body). – Austin Hemmelgarn – 2019-09-28T13:58:42.193
@AustinHemmelgarn agreed. – davidgo – 2019-09-28T18:38:52.847
3Yes, it's possible for an admin to do something at the server level when you send external emails, that's totally possible depending on whatever email server you are using depends on the methods available though. No, I don't think encrypted TLS email is going to help here as the TLS security is usually email server to email server communication and not from the email client (e.g. Outlook, Thunderbird, etc.) to the internal email server. I think Roundcube is not the email server and just a web interface/client to interface with the email server for sending and receiving. – Pimp Juice IT – 2019-09-27T17:50:42.467
@PimpJuiceIT Seriously? Does it mean that when I am using, for example, Thunderbird with Gmail SMTP server with TLS my message goes to the Gmail server unencrypted and only then the SMTP server encrypts it? I thought that the TLS handshake process involves the client and the end server, so that nobody in the middle can decode the message. – Vic – 2019-09-28T07:33:22.527
1@Vic PimpJuiceIT is only partly correct (but his conclusion is correct) Email from a mail client to a mail server sent over SMTP may be encrypted using TLS or StartTLS - but it is a different path to regular SMTP. Regardless, the SMTP server you are sending through can bcc email you sent if so configured. – davidgo – 2019-09-28T08:36:13.607
1Postfix (an extremely common mail server that I'm familiar with) has a config option for bcc'ing all email (always_bcc). Newer versions of Postfix have additional mechanisms to allow per sender BCC'ing almost out the box. Other mail servers will be similar. – davidgo – 2019-09-28T08:42:49.403
Roundcube is not a mail server, its a Webmail client written in PHP. Probably pointless, but it would be fairly easy to modify to BCC all emails you send, or do Amy other manipulation - PHP is an easy to use interpreted language - I could make the required changes with no more then a text editor like notepad! – davidgo – 2019-09-28T08:45:48.670