Noel,
this is not a big deal to me, but here's where I became concerned about self-signed certs: On Mon, 12 Mar 2012, Noel Jones wrote: > > On 3/12/2012 12:14 PM, Richard Troy wrote: > > The documentation found here: > > > > http://www.postfix.org/TLS_README.html > > > > claims (intimates) that it's not possible to run a site on a self-signed > > certificate, however, there's ZERO budget for a signed certificate, so > > unless I can get one for ten bucks somewhere, that could be a > > Untrue, a self-signed certificate works fine. Be aware mail clients > will complain about an invalid or untrusted certificate. This isn't > any different than using a self-signed cert with dovecot. Here's the citation: on the page whose URL is above, second paragraph under "Server-side certificate and private key configuration" reads to me to _intimate_ that you'll have trouble with a self-signed certificate and, as it operates on all your inbound email it could mean trouble - and I quote: "Public Internet MX hosts without certificates signed by a "reputable" CA must generate, and be prepared to present to most clients, a self-signed or private-CA signed certificate. The remote SMTP client will generally not be able to authenticate the self-signed certificate, but unless the client is running Postfix or similar software, it will still insist on a server certificate." Richard
