On Wed, July 15, 2009 19:58, Victor Duchovni wrote:
> openssl s_client -starttls stmp -connect 192.0.2.1:25
typo, will most likely be smtp
--
xpoint
On Thu, Jul 16, 2009 at 01:52:10PM -0400, Linux Addict wrote:
> > This is not sufficiently precise, what does "using" mean? Printing it
> > on a piece of paper and using it as bathroom wallpaper? :-)
>
> :-) Honestly I haven't spoke to them directly, just working based on using
> piece of mail I
On Thu, Jul 16, 2009 at 12:03 PM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:
> On Thu, Jul 16, 2009 at 09:33:24AM -0400, Linux Addict wrote:
>
> > I am reading TLS page on postfix and here
> > http://www.state-of-mind.de/assets/postfix_tls.pdf.
> >
> > I have one last question. Wh
On Thu, Jul 16, 2009 at 09:33:24AM -0400, Linux Addict wrote:
> I am reading TLS page on postfix and here
> http://www.state-of-mind.de/assets/postfix_tls.pdf.
>
> I have one last question. What I am trying to setup is, I have set of hosts
> in LAN which use postfix relay servers in DMZ to send (
On Wed, Jul 15, 2009 at 3:07 PM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:
> On Wed, Jul 15, 2009 at 02:33:46PM -0400, Linux Addict wrote:
>
> > I ran openssl test command that you provided and doesn't look like my
> cert
> > config is good.
> >
> >
> > [r...@mx01 ~]# openssl s_c
On Wed, Jul 15, 2009 at 02:33:46PM -0400, Linux Addict wrote:
> I ran openssl test command that you provided and doesn't look like my cert
> config is good.
>
>
> [r...@mx01 ~]# openssl s_client -starttls smtp -connect localhost:25
> CONNECTED(0003)
> ---
> Certificate chain
> 0 s:/C=US/ST=
On Wed, Jul 15, 2009 at 1:58 PM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:
> On Wed, Jul 15, 2009 at 01:49:24PM -0400, Linux Addict wrote:
>
> > smtp_tls_note_starttls_offer = yes
> > smtp_use_tls = yes
> > smtpd_tls_CAfile = /usr/share/ssl/certs/cacert.pem
>
> Make that:
>
>
On Wed, Jul 15, 2009 at 01:49:24PM -0400, Linux Addict wrote:
> smtp_tls_note_starttls_offer = yes
> smtp_use_tls = yes
> smtpd_tls_CAfile = /usr/share/ssl/certs/cacert.pem
Make that:
smtp_tls_CAfile = ...
you don't need an smtpd_tls_CAfile, unless your cert file is missing
the intermed
On Wed, Jul 15, 2009 at 12:52 PM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:
> On Wed, Jul 15, 2009 at 10:38:55AM -0400, Linux Addict wrote:
>
> > Hello Gurus, Currently my postfix server runs with self-signed cert, but
> now
> > I was asked to implement verisign cert for some of
On Wed, Jul 15, 2009 at 10:38:55AM -0400, Linux Addict wrote:
> Hello Gurus, Currently my postfix server runs with self-signed cert, but now
> I was asked to implement verisign cert for some of the outgoing mails.
You are mightily confused. X.509 certificates with SMTP STARTTLS are for
*incoming*
I assume you're using this certificate for TLS, so the answer is NO, no
single mails will be encrypted - TLS is "only" there to allow MTA's to
encrypt their transport layer. If no restrictions are configured this
happens automagically if both endpoints support TLS.
Best regards,
Thomas Gelf
Linu
11 matches
Mail list logo