On Aug 7, 2013, at 12:15, John Allen <j...@klam.ca> wrote:

> On 07/08/2013 2:09 AM, DTNX Postmaster wrote:
>> On Aug 7, 2013, at 02:32, John Allen <j...@klam.ca> wrote:
>>
>>> root@bilbo:~# postconf -nf
>> [snip]
>>
>>> smtp_tls_cert_file = /root/ssl/certs/KLaM_Mail.pem
>>> smtp_tls_key_file = /root/ssl/private/KLaM_Mail.key
>> http://www.postfix.org/postconf.5.html#smtp_tls_cert_file
>>
>> Are you sure you need those there?
>>
>> Have a look at your own config, and look up every setting in the
>> documentation. Ask yourself if there are good reasons you are
>> overriding the default, and whether your custom setting still makes
>> sense given the recommendations from the documentation.
>>
> I am not sure. One of the problems we have is that many of our clients' work
> force are "road warriors". While SASL allows us to confirm who is calling it
> does not protect the content from snooping, whereas TLS does. As some of the
> Far Eastern countries are not averse to pilfering ideas we think this is
> worthwhile. However, suggestions for alternatives are welcome.

Have you read the documentation? I don't think you have.

The 'smtp_tls_cert_file' setting is for outgoing connections only, as in, your server sending to other servers. Has nothing to do with road warriors, and unless you have an upstream relay that requires a client certificate to send mail, you should probably stick with the recommended defaults.

Mvg,
Joni
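
The distinction made in the reply above, as an added example that is not part of the original thread or of Postfix: a small checker that parses `postconf -nf` output and reports which TLS settings affect outgoing mail (smtp_*) and whether incoming clients (smtpd_*) are offered TLS at all. The sample input is constructed apart from the two smtp_tls_* lines quoted in the thread; the function names are hypothetical.

```python
import re

# Constructed `postconf -nf` output; only the two smtp_tls_* lines are from the thread.
SAMPLE = """\
mydestination = $myhostname, localhost.$mydomain,
    localhost
smtp_tls_cert_file = /root/ssl/certs/KLaM_Mail.pem
smtp_tls_key_file = /root/ssl/private/KLaM_Mail.key
smtpd_sasl_auth_enable = yes
"""

# Server-side (incoming) certificate parameters known to Postfix.
SERVER_CERT_PARAMS = ("smtpd_tls_cert_file", "smtpd_tls_eccert_file",
                      "smtpd_tls_dcert_file", "smtpd_tls_chain_files")

def parse_postconf(text):
    """Parse `postconf -n`/`-nf` output; -f folds long values onto indented lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and name:  # folded continuation of the previous value
            params[name] = (params[name] + " " + line.strip()).strip()
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            name, params[m.group(1)] = m.group(1), m.group(2).strip()
    return params

def audit_tls(params):
    """Report which side of the connection the configured TLS settings cover."""
    findings = []
    for p in ("smtp_tls_cert_file", "smtp_tls_key_file"):
        if params.get(p):
            findings.append(f"{p}: outgoing connections only; needed only if an "
                            "upstream relay requires a client certificate")
    if not any(params.get(p) for p in SERVER_CERT_PARAMS):
        findings.append("smtpd: no server certificate set for incoming connections")
    level = params.get("smtpd_tls_security_level", "")
    if level:  # a non-empty level overrides the legacy smtpd_use_tls/enforce_tls
        offered = level != "none"
    else:
        offered = "yes" in (params.get("smtpd_use_tls"), params.get("smtpd_enforce_tls"))
    if not offered:
        findings.append("smtpd: STARTTLS is not offered to incoming clients")
    return findings

if __name__ == "__main__":
    for finding in audit_tls(parse_postconf(SAMPLE)):
        print(finding)
```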