Re: Self-signed TLS certificates

2018-01-21 Thread DTNX Postmaster
On 21 Jan 2018, at 21:47, Noel Jones wrote:
> On 1/21/2018 2:26 PM, Danny Horne wrote:
>> Hi all,
>>
>> Apologies if this has been discussed before, but currently I use
>> self-signed certificates on my Postfix servers for TLS negotiation, I'm
>> doing this mainly to keep the costs down. As far

Re: Request for feedback on SMTPD restrictions

2018-01-21 Thread li...@lazygranch.com
On Sun, 21 Jan 2018 14:35:42 -0600 Noel Jones wrote:
> On 1/20/2018 11:56 PM, J Doe wrote:
> > Hi,
> >
> > I have a basic SMTP server set up with what I believe to be good
> > smtpd_*_ restrictions, but I was wondering if anyone could provide
> > any insight on how to improve them or if I have b

Re: Self-signed TLS certificates

2018-01-21 Thread Viktor Dukhovni
> On Jan 21, 2018, at 4:07 PM, Danny Horne wrote:
>
> I won't ask you to expand on why wildcard certificates should be avoided
> (unless you want to).

The short version:

1. People who use wildcard certs tend to DoS themselves by breaking every server with the shared key+certificate c

Re: Self-signed TLS certificates

2018-01-21 Thread Danny Horne
On 21/01/2018 8:47 pm, Viktor Dukhovni wrote:
>> I see wildcard SSL certificates are coming down in price, I use
>> SSL on one or two websites and am starting to consider one of these
>> to cover everything I do. Am I right in assuming a standard wildcard
>> SSL certificate will be usable on both

Re: Self-signed TLS certificates

2018-01-21 Thread Noel Jones
On 1/21/2018 2:26 PM, Danny Horne wrote:
> Hi all,
>
> Apologies if this has been discussed before, but currently I use
> self-signed certificates on my Postfix servers for TLS negotiation, I'm
> doing this mainly to keep the costs down. As far as I'm aware I don't
> have any problems sending / r

Re: Self-signed TLS certificates

2018-01-21 Thread Viktor Dukhovni
> On Jan 21, 2018, at 3:26 PM, Danny Horne wrote:
>
> Apologies if this has been discussed before, but currently I use
> self-signed certificates on my Postfix servers for TLS negotiation, I'm
> doing this mainly to keep the costs down.

The current cost of TLS certificates that chain up to bro

Re: Request for feedback on SMTPD restrictions

2018-01-21 Thread Noel Jones
On 1/20/2018 11:56 PM, J Doe wrote:
> Hi,
>
> I have a basic SMTP server set up with what I believe to be good smtpd_*_
> restrictions, but I was wondering if anyone could provide any insight on how
> to improve them or if I have been redundant in the restrictions. Even with
> reading the man

Self-signed TLS certificates

2018-01-21 Thread Danny Horne
Hi all, Apologies if this has been discussed before, but currently I use self-signed certificates on my Postfix servers for TLS negotiation, I'm doing this mainly to keep the costs down.  As far as I'm aware I don't have any problems sending / receiving email to / from the major providers, but cou