On 10/16/17 14:50, Viktor Dukhovni wrote: > On Mon, Oct 16, 2017 at 02:00:00PM -0400, Phil Stracchino wrote: > >> On 10/16/17 13:34, cac...@quantum-equities.com wrote: >>> Anyone have handy the openssl commands to generate my own key and cert >>> for Postfix? >> >> Have you considered using letsencrypt instead of a self-signed key that >> many sites may reject as untrusted? > > The word "reject" is out of place here. TLS is opportunistic in > MTA-to-MTA SMTP, and absent explicit security policy to the > contrary, delivery proceeds despite lack of trusted certificates.
You're completely correct, I forgot that Postfix really doesn't use certificates in the same way that other services do. -- Phil Stracchino Babylon Communications ph...@caerllewys.net p...@co.ordinate.org Landline: +1.603.293.8485 Mobile: +1.603.998.6958
