On Sat, 2013-06-01 at 15:06 -0400, Chris Knadle wrote:
> On Friday, May 31, 2013 07:15:36, Marc Haber wrote:
[...]
> > SMTP with client certificates is possible, but I
> > have only seen this two times in 15 years of running E-Mail servers.
>
> Yes I'd expect this to be rare, and I can't recall using them for SMTP.
[...]

I set up my smarthost to allow relaying from external servers that present a CAcert-signed client certificate for a name under decadent.org.uk. Any machine outside the home LAN then needs such a certificate installed before using this smarthost. It wasn't that easy to set up, and the certificates need to be renewed regularly (every 6 months for CAcert), but the credentials are now clearly associated with a machine rather than a person and it effectively validates that I'm using TLS for outgoing mail from my laptop. (But did I correctly enable validation of the smarthost's server certificate? Not sure.)

Ben.

-- 
Ben Hutchings
You can't have everything. Where would you put it?