Re: New EFF certbot plugin for Postfix

2018-06-27 Thread Philip Paeps
On 2018-06-26 03:37:03 (-0400), Viktor Dukhovni wrote: Overall, I am somewhat skeptical that the STARTTLS everywhere approach to improving SMTP security is a good idea For MTA<->MTA communication, there really isn't another choice. While accepting authenticated mail on port 465 is commonly do

Re: New EFF certbot plugin for Postfix

2018-06-26 Thread Alice Wonder
On 06/26/2018 12:03 AM, Viktor Dukhovni wrote: The EFF announced a certbot plugin for Postfix today, which is still in beta. A couple of things to keep in mind: * If you've already deployed DANE, this stands a good chance of breaking your DANE TLSA records. For the moment do not dep

Re: New EFF certbot plugin for Postfix

2018-06-26 Thread Viktor Dukhovni
> On Jun 26, 2018, at 3:20 AM, Gary wrote: > > Am I making a mistake using the same cert for web and email? Only to the extent that this constrains you operationally to keep both services on the same key/cert rotation schedule. From a security perspective, you're probably OK provided you've

Re: New EFF certbot plugin for Postfix

2018-06-26 Thread Gary
Am I making a mistake using the same cert for web and email?   Original Message   From: postfix-us...@dukhovni.org Sent: June 26, 2018 12:03 AM To: postfix-users@postfix.org Reply-to: postfix-users@postfix.org Subject: New EFF certbot plugin for Postfix The EFF announced a certbot plugin for

New EFF certbot plugin for Postfix

2018-06-26 Thread Viktor Dukhovni
The EFF announced a certbot plugin for Postfix today, which is still in beta. A couple of things to keep in mind: * If you've already deployed DANE, this stands a good chance of breaking your DANE TLSA records. For the moment do not deploy this if you have inbound DANE. * Do consider