On Tue, 24 Jun 2003, Joe wrote: > Satish Balay wrote: > > >How would you do this for an authenticated SMTP server (aka SSL)? I'm > >also interested in this info - as I use postfix locally for my > >outgoing mail. > > > hmm I've never experimented with this - all the > mail servers I've worked with are open for public > connections.... SSL and authenticated SMTP are mutually exclusive. SSL can be used for connections between client and server, or between servers. Currently, authenticated SMTP is limited to connections between client and server. I am using both, currently. In my /etc/postfix/main.cf, for TLS (SSL) connections, I have the following: # TLS smtpd_tls_cert_file = /etc/postfix/burgers.pem smtpd_tls_key_file = /etc/postfix/privkey.pem smtpd_tls_loglevel = 1 smtpd_use_tls = yes smtp_use_tls = yes smtpd_tls_cipherlist = DEFAULT smtp_tls_note_starttls_offer = yes smtp_starttls_timeout = 300s tls_random_source = dev:/dev/urandom tls_random_exchange_name = /etc/postfix/prng_exch Note that "burgers.pem" and "privkey.pem" are the SSL key and certificate files. In my case, they're self-signed, but if you really want to be able to make full use of TLS/SSL, you'll probably want to buy an actual secure certificate from an actual secure cert authority...or, if you already have the same files for use with your web server, those same key and cert files should work just fine. -- Mike Burger http://www.bubbanfriends.org Visit the Dog Pound II BBS telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000 To be notified of updates to the web site, send a message to: site-update-request@xxxxxxxxxxxxxxxxx with a message of: subscribe
