Lists wrote:
> I have spent the last couple of hours trying to get TLS working, sadly
> no luck.
> When I telnet and do STARTTLS I get the error no server certs
> available TLS won't be enabled.
> I followed the instructions on the how to forge (the link I was given
> before was a tad over my head)
> The certs are all made and in the /etc/postfix/ssl/mailserver directory

Undo whatever you've done and follow the "quick and dirty"
instructions in the postfix TLS_README.
http://www.postfix.org/TLS_README.html#quick-start

> as an aside - does this require a purchased security certificate to work?

No, self signed certificates are fine.
However, after you get everything working you might want to
buy a certificate to make it easier on your users (assuming
more than a small group). I like rapidsslonline for cheap,
widely accepted certificates, but there are others.
The only reason to buy a certificate is so your users don't
have to mess with importing your own root certificate into their
client, or to keep from training them to ignore "invalid
certificate" errors.

> Also to check I understand does the client (i.e. thunderbird) send a
> request to send to the server which sends them back a key that gets
> 'attached' to the email that is sent which then authenticates when it
> reaches the server and is allowed to be sent? Or have I got it all wrong?

Nothing is attached to the email, maybe you're thinking about
DKIM. Google for "how TLS works" or similar.
--
Noel Jones
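
An added example, not part of the original thread: a pre-flight check for the certificate and key that Postfix's `smtpd_tls_cert_file` and `smtpd_tls_key_file` point at, useful when chasing a "no server certs available" message. The function name `check_tls_pair` is hypothetical, the two file paths are supplied by whoever runs it, and it relies on Postfix needing a private key that can be read without a passphrase.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a PEM certificate/key pair
# before pointing Postfix at it. Works for self-signed and purchased certs.
# Usage: sh check_tls_pair.sh /path/to/cert.pem /path/to/key.pem

check_tls_pair() {
    cert=$1
    key=$2

    # Both files must exist and be readable by the user running the check.
    [ -r "$cert" ] || { echo "cannot read certificate: $cert"; return 2; }
    [ -r "$key" ]  || { echo "cannot read key: $key"; return 2; }

    # Extract the public key from each file. "-passin pass:" supplies an empty
    # passphrase so an encrypted key fails immediately instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || key_pub=

    [ -n "$cert_pub" ] || { echo "not a PEM certificate: $cert"; return 3; }
    [ -n "$key_pub" ]  || { echo "key unreadable or passphrase-protected: $key"; return 4; }

    # The certificate must have been issued for this private key.
    [ "$cert_pub" = "$key_pub" ] || { echo "certificate and key do not match"; return 5; }

    # -checkend 0 exits non-zero when the certificate is already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "certificate has expired"; return 6; }

    echo "ok"
}

# Run the check only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

A result of `ok` only shows the files are usable as a pair; Postfix must still be configured to load them as the TLS_README quick-start describes.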