Will have a go at those instructions thanks.
I don't want to make things difficult for our clients. I like the setup
that allows the client to use pop details to authenticate - I even
managed to get that working ;)
What I was trying to do with TLS was to encrypt the password that gets
sent (but i'm not sure this is even necessary)
Would it be alright to leave out TLS support? / OR / if TLS support is
enabled does it have to be used or will the pop details still authenticate?
Sorry am getting myself horribly confused at this stage. I really
appreciate all the assistance.
Kate
Noel Jones wrote:
Lists wrote:
I have spent the last couple of hours trying to get TLS working,
sadly no luck.
When I telnet and and do STARTTLS I get the error no server certs
available TLS won't be enabled.
I followed the instructions on the how to forge (the link I was given
before was a tad over my head)
The certs are all made and in the /etc/postfix/ssl/mailserver directory
Undo whatever you've done and follow the "quick and dirty"
instructions in the postfix TLS_README.
http://www.postfix.org/TLS_README.html#quick-start
as an aside - does this require a purchased security certificate to
work?
No, self signed certificates are fine.
However, after you get everything working you might want to buy a
certificate to make it easier on your users (assuming more than a
small group). I like rapidsslonline for cheap, widely accepted
certificates, but there are others.
The only reason to buy a certificate is so your users don't have mess
with importing your own root certificate into their client, or to keep
from training them to ignore "invalid certificate" errors.
Also to check I understand does the client (i.e. thunderbird) send a
request to send to the server which sends them back a key that gets
'attached' to the email that is sent which then authenticates when it
reaches the server and is allowed to be sent? Or have I got it all
wrong.
Nothing is attached to the email, maybe you're thinking about DKIM.
google for "how TLS works" or similar.
