How best to eliminate "domain mismatch" warning in mail clients when TLS is used

2013-07-15 Thread Ben Johnson
Hello, We host mail services for a few dozen domains. We will eventually require TLS for all client connections. I have reviewed what seems to be the most comprehensive thread on this subject ( http://postfix.1071664.n5.nabble.com/TLS-SNI-support-td25552.html ) and, in light of that information,

Re: How best to eliminate "domain mismatch" warning in mail clients when TLS is used

2013-07-15 Thread Patrick Ben Koetter
* Ben Johnson : > Hello, > > We host mail services for a few dozen domains. We will eventually > require TLS for all client connections. > > I have reviewed what seems to be the most comprehensive thread on this > subject ( > http://postfix.1071664.n5.nabble.com/TLS-SNI-support-td25552.html ) and

Re: How best to eliminate "domain mismatch" warning in mail clients when TLS is used

2013-07-15 Thread Viktor Dukhovni
On Mon, Jul 15, 2013 at 12:47:53PM -0400, Ben Johnson wrote: > In essence, our clients wish to use their own SSL certificates for their > SMTP connections. Are these submission clients? What does the above mean? > Our clients will not accept the position, "You just have to ignore the > 'domain

Re: How best to eliminate "domain mismatch" warning in mail clients when TLS is used

2013-07-15 Thread Wietse Venema
Ben Johnson: > Hello, > > We host mail services for a few dozen domains. We will eventually > require TLS for all client connections. > > I have reviewed what seems to be the most comprehensive thread on this > subject ( > http://postfix.1071664.n5.nabble.com/TLS-SNI-support-td25552.html ) and, >

Re: How best to eliminate "domain mismatch" warning in mail clients when TLS is used

2013-07-15 Thread Jeffrey 'jf' Lim
On Tue, Jul 16, 2013 at 12:47 AM, Ben Johnson wrote: > Hello, > > We host mail services for a few dozen domains. We will eventually > require TLS for all client connections. > > I have reviewed what seems to be the most comprehensive thread on this > subject ( > http://postfix.1071664.n5.nabble.co

Re: How best to eliminate "domain mismatch" warning in mail clients when TLS is used

2013-07-15 Thread Ben Johnson
On 7/15/2013 1:03 PM, Patrick Ben Koetter wrote: > In absence of SNI either the MX of all domains point to one MX with a valid > cert or you bring up an instance per domain. > Bringing-up a Postfix instance per domain would require unique ports (or a dedicated IP address) for each instance, cor

Re: How best to eliminate "domain mismatch" warning in mail clients when TLS is used

2013-07-15 Thread Ben Johnson
(Viktor, I'm going to reply to Wietse first, just because his questions are fewer and I am hoping to clarify the points of confusion before others reply.) On 7/15/2013 1:24 PM, Wietse Venema wrote: > Ben Johnson: >> Hello, >> >> We host mail services for a few dozen domains. We will eventually >>

Re: How best to eliminate "domain mismatch" warning in mail clients when TLS is used

2013-07-15 Thread Ben Johnson
On 7/15/2013 1:10 PM, Viktor Dukhovni wrote: > On Mon, Jul 15, 2013 at 12:47:53PM -0400, Ben Johnson wrote: > >> In essence, our clients wish to use their own SSL certificates for their >> SMTP connections. > > Are these submission clients? What does the above mean? > Yes, these are submission

Re: How best to eliminate "domain mismatch" warning in mail clients when TLS is used

2013-07-15 Thread Wietse Venema
Ben Johnson: > On 7/15/2013 1:10 PM, Viktor Dukhovni wrote: > > On Mon, Jul 15, 2013 at 12:47:53PM -0400, Ben Johnson wrote: > > > >> In essence, our clients wish to use their own SSL certificates for their > >> SMTP connections. > > > > Are these submission clients? What does the above mean? >

Re: How best to eliminate "domain mismatch" warning in mail clients when TLS is used

2013-07-15 Thread Jeffrey 'jf' Lim
On 16 Jul 2013 03:15, "Wietse Venema" wrote: > > Ben Johnson: > > On 7/15/2013 1:10 PM, Viktor Dukhovni wrote: > > > On Mon, Jul 15, 2013 at 12:47:53PM -0400, Ben Johnson wrote: > > > > > >> In essence, our clients wish to use their own SSL certificates for their > > >> SMTP connections. > > > > >

Re: How best to eliminate "domain mismatch" warning in mail clients when TLS is used

2013-07-15 Thread Ben Johnson
On 7/15/2013 3:14 PM, Wietse Venema wrote: > Ben Johnson: >> On 7/15/2013 1:10 PM, Viktor Dukhovni wrote: >>> On Mon, Jul 15, 2013 at 12:47:53PM -0400, Ben Johnson wrote: >>> In essence, our clients wish to use their own SSL certificates for their SMTP connections. >>> >>> Are these sub

Re: How best to eliminate "domain mismatch" warning in mail clients when TLS is used

2013-07-15 Thread Wietse Venema
Ben Johnson: > In the meantime, I am all ears, regarding jf's question about SNI > proxying via, for example, nginx. If that subject is best addressed to > the nginx mailing list, I am happy to take the discussion to the > appropriate list. According to a thread in March 2013 they did not support

Re: Mail server, what else?

2013-07-15 Thread Kris Deugau
Craig R. Skinner wrote: No Apache, PHP or webmail. HTTP was designed to transfer hyperlinked text files, not do dynamic stuff with root access to the whole box. Beware! IMAP (Thunderbird, Elm, KMail) is the way to go. https://en.wikipedia.org/wiki/Comparison_of_email_clients#Operating_system

Re: How best to eliminate "domain mismatch" warning in mail clients when TLS is used

2013-07-15 Thread Viktor Dukhovni
On Mon, Jul 15, 2013 at 03:38:31PM -0400, Ben Johnson wrote: > > It's entirely reasonable if they want to be able to change email > > provider without having to update all their clients. > > This is the strongest argument that I've seen for adding SNI support to > Postfix. I hadn't even considere

Re: Mail server, what else?

2013-07-15 Thread Craig R. Skinner
On 2013-07-15 Mon 16:26 PM |, Kris Deugau wrote: > Craig R. Skinner wrote: > >No Apache, PHP or webmail. HTTP was designed to transfer hyperlinked > >text files, not do dynamic stuff with root access to the whole box. > >Beware! > > > >IMAP (Thunderbird, Elm, KMail) is the way to go. > >https:/

Re: How best to eliminate "domain mismatch" warning in mail clients when TLS is used

2013-07-15 Thread Stan Hoeppner
On 7/15/2013 3:35 PM, Viktor Dukhovni wrote: >>> Unfortunately there are not a lot of development cycles for adding >>> a decent SNI implementation to Postfix. > > I have no time for this. And this is precisely why an entire VPS industry has sprouted over the past few years. As someone stated d

Re: How best to eliminate "domain mismatch" warning in mail clients when TLS is used

2013-07-15 Thread Peter
On 07/16/2013 05:30 AM, Ben Johnson wrote: If your clients insist that a mail server is only professional if the TLS session has their domain name written on it, then give them what they want at the price it costs to implement it. Your position is perfectly reasonable, and is more or less the p