> Do you really need a CA for your SMTP server certificate? Which
> SMTP clients will trust this private CA?

What do you mean by "SMTP clients"? Are you talking about software or people? I'm the only user of that machine. IIRC, it's possible to check certificates in Gnus, but I haven't tried yet.

> Better yet, don't bother with a CA if you don't need one.

Hm, which steps [0] can be painlessly omitted? I thought that it's always necessary to have (or to be) a CA.

> For modern clients that use EDH or ECDH
> ciphers the certificate is not what protects the confidentiality
> of the traffic (from passive eavesdropping attacks). It makes little
> sense to waste CPU and risk server DoS with no upside.

Does it mean that I should use ECDH if I want to prevent eavesdropping? Could you suggest a guide?

Thank you

[0] http://www.postfix.org/TLS_README.html#quick-start