On 16/10/17 15:19, Phil Stracchino wrote: > On 10/16/17 14:50, Viktor Dukhovni wrote: >> On Mon, Oct 16, 2017 at 02:00:00PM -0400, Phil Stracchino wrote: >> >>> On 10/16/17 13:34, cac...@quantum-equities.com wrote: >>>> Anyone have handy the openssl commands to generate my own key and cert >>>> for Postfix? >>> >>> Have you considered using letsencrypt instead of a self-signed key that >>> many sites may reject as untrusted? >> >> The word "reject" is out of place here. TLS is opportunistic in >> MTA-to-MTA SMTP, and absent explicit security policy to the >> contrary, delivery proceeds despite lack of trusted certificates. > > You're completely correct, I forgot that Postfix really doesn't use > certificates in the same way that other services do.
s/Postfix/SMTP/ There isn't nothing specific about Postfix in what Viktor describes, and you make it sound like Postfix does something anomalous. But it is the way SMTP works. Cheers, Daniele
