Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
0
-
Description
We need to have encrypted at rest emails using S/MIME or PGP certificates as those emails contain sensitive content. Currently, only the transport layer is secured with TLS, which is not enough for customers working in highly regulated industries.
Original request:
Problem Definition
The mail being sent out by Bitbucket Server are not encrypted. While accessing the tools can be easily secured through SSL the security pain point are the notification emails. Enabling TLS for the mail server is useless in most scenarios as this only secures the transport layer.
Suggested Solution
The strategy applies to a scenario where emails to some domains could be delivered without any concern (e.g. secure internal domain) and some emails to external suppliers needs to be dropped or filtered. In this case, I recommend my customers set up a postfix after-queue filter to do the trick - which works pretty well.