Noel,

this is not a big deal to me, but here's where I became concerned about
self-signed certs:

On Mon, 12 Mar 2012, Noel Jones wrote:
>
> On 3/12/2012 12:14 PM, Richard Troy wrote:
> > The documentation found here:
> >
> > http://www.postfix.org/TLS_README.html
> >
> > claims (intimates) that it's not possible to run a site on a self-signed
> > certificate, however, there's ZERO budget for a signed certificate, so
> > unless I can get one for ten bucks somewhere, that could be a
>
> Untrue, a self-signed certificate works fine.  Be aware mail clients
> will complain about an invalid or untrusted certificate.  This isn't
> any different than using a self-signed cert with dovecot.

Here's the citation: on the page whose URL is above, second paragraph
under "Server-side certificate and private key configuration" reads to me
to _intimate_ that you'll have trouble with a self-signed certificate and,
as it operates on all your inbound email it could mean trouble - and I
quote:

"Public Internet MX hosts without certificates signed by a "reputable" CA
must generate, and be prepared to present to most clients, a self-signed
or private-CA signed certificate. The remote SMTP client will generally
not be able to authenticate the self-signed certificate, but unless the
client is running Postfix or similar software, it will still insist on a
server certificate."

Richard
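
An added example, not part of the original message or of the Postfix documentation: a shell sketch of the self-signed setup the quoted paragraph describes, generating the certificate with `openssl` and printing the matching `main.cf` lines. The hostname, directory and function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added illustration. Function names, paths and hostname are hypothetical.

# make_selfsigned DIR HOSTNAME
# Writes DIR/key.pem (unencrypted RSA key, mode 600) and DIR/cert.pem.
# Runs in a subshell so the restrictive umask does not leak to the caller.
make_selfsigned() (
    umask 077
    mkdir -p "$1" &&
    openssl req -new -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    chmod 600 "$1/key.pem"
)

# is_selfsigned CERT
# Succeeds when subject and issuer are identical and the signature verifies
# against the certificate's own public key. No third party vouches for the
# name, which is why a remote client cannot authenticate such a certificate.
is_selfsigned() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# postfix_tls_settings DIR
# Prints main.cf lines that make the Postfix SMTP server offer STARTTLS
# opportunistically ("may") with the certificate and key from DIR.
postfix_tls_settings() {
    printf 'smtpd_tls_cert_file = %s/cert.pem\n' "$1"
    printf 'smtpd_tls_key_file = %s/key.pem\n' "$1"
    printf 'smtpd_tls_security_level = may\n'
}

# Usage (constructed values):
#   make_selfsigned /etc/postfix/tls mail.example.com
#   is_selfsigned /etc/postfix/tls/cert.pem && postfix_tls_settings /etc/postfix/tls
```

With `smtpd_tls_security_level = may` the server only offers TLS, so the session is encrypted against passive eavesdropping but the peer learns nothing verifiable about the server's identity.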
