smtpmail: Encryption

 
 4 Encryption
 ************
 
 For greater security, you can encrypt your connection to the SMTP
 server.  If this is to work, both Emacs and the server must support it.
 
    The SMTP library supports the “Transport Layer Security” (TLS) and
 the older “Secure Sockets Layer” (SSL) encryption mechanisms.  It also
 supports STARTTLS, which is a variant of TLS in which the initial
 connection to the server is made in plain text, requesting a switch to
 an encrypted channel for the rest of the process.
 
    The variable ‘smtpmail-stream-type’ controls what form of connection
 the SMTP library uses.  The default value is ‘nil’, which means to use a
 plain connection, but try to switch to a STARTTLS encrypted connection
 if the server supports it.  Other possible values are: ‘starttls’ to
 insist on STARTTLS; ‘ssl’ to use TLS/SSL; and ‘plain’ for no encryption.
 
    Use of any form of TLS/SSL requires support in Emacs.  You can either
 use the built-in support (in Emacs 24.1 and later), or the ‘starttls.el’
 Lisp library.  The built-in support uses the GnuTLS (1) library.  If
 your Emacs has GnuTLS support built-in, the function
 ‘gnutls-available-p’ is defined and returns non-‘nil’.  Otherwise, you
 must use the ‘starttls.el’ library (see that file for more information
 on customization options, etc.).  The Lisp library requires one of the
 following external tools to be installed:
 
   1. The GnuTLS command line tool ‘gnutls-cli’, which you can get from
      <http://www.gnu.org/software/gnutls/>.  This is the recommended
      tool, mainly because it can verify server certificates.
 
   2. The ‘starttls’ external program, which you can get from
      ‘starttls-*.tar.gz’ from <ftp://ftp.opaopa.org/pub/elisp/>.
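 
    As an added example (not part of the manual), the following init-file
 code sets ‘smtpmail-stream-type’ to a value that always encrypts, after
 checking ‘gnutls-available-p’.  The ‘my-’ function names are
 hypothetical, and it covers only the built-in GnuTLS case, not
 ‘starttls.el’.

```emacs-lisp
;; Added example, not part of the manual.  The `my-' functions are
;; hypothetical helpers; host and port are taken from the sample
;; ~/.authinfo entry on this page.
(require 'smtpmail)

(defun my-smtpmail-strict-stream-type (implicit-tls)
  "Return a `smtpmail-stream-type' value that never sends in plain text.
With IMPLICIT-TLS non-nil return `ssl' (TLS/SSL connection); otherwise
return `starttls' (insist on STARTTLS).  Signal an error if this
Emacs lacks built-in GnuTLS support."
  (unless (and (fboundp 'gnutls-available-p) (gnutls-available-p))
    (error "Emacs has no built-in GnuTLS support; refusing to configure SMTP"))
  (if implicit-tls 'ssl 'starttls))

(defun my-smtpmail-setup (server port &optional implicit-tls)
  "Send mail through SERVER on PORT over an encrypted connection only."
  (setq send-mail-function #'smtpmail-send-it
        smtpmail-smtp-server server
        smtpmail-smtp-service port
        smtpmail-stream-type (my-smtpmail-strict-stream-type implicit-tls)))

;; Weak (the default): with nil, Emacs only tries STARTTLS, so a server
;; that does not offer it is used over the plain connection.
;;   (setq smtpmail-stream-type nil)

;; Strict: `starttls' insists on STARTTLS, so there is no plain-text
;; fallback.
(my-smtpmail-setup "mail.example.org" 25)
```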
 
    The SMTP server may also request that you verify your identity by
 presenting a client certificate, which requires the certificate and its
 associated private key.  If you need to do this, you can use an
 ‘~/.authinfo’ entry like this:
 
      machine mail.example.org port 25 key "~/.my_smtp_tls.key" cert "~/.my_smtp_tls.cert"
 
 (This replaces the old ‘smtpmail-starttls-credentials’ variable used
 prior to Emacs 24.1.)
 
    ---------- Footnotes ----------
 
    (1) <http://www.gnu.org/software/gnutls/>