On Tue, 24 Jun 2003, Satish Balay wrote:

> > # TLS
> > smtpd_tls_cert_file = /etc/postfix/burgers.pem
> > smtpd_tls_key_file = /etc/postfix/privkey.pem
> > smtpd_tls_loglevel = 1
> > smtpd_use_tls = yes
> > smtp_use_tls = yes
> > smtpd_tls_cipherlist = DEFAULT
> > smtp_tls_note_starttls_offer = yes
> > smtp_starttls_timeout = 300s
> > tls_random_source = dev:/dev/urandom
> > tls_random_exchange_name = /etc/postfix/prng_exch
> >
> > Note that "burgers.pem" and "privkey.pem" are the SSL key and certificate
> > files. In my case, they're self-signed, but if you really want to be able
> > to make full use of TLS/SSL, you'll probably want to buy an actual secure
> > certificate from an actual secure cert authority...or, if you already have
> > the same files for use with your web server, those same key and cert files
> > should work just fine.
>
> Not sure I follow this one. I'm thinking of:
>
> when postfix uses a SMTP relay - it should contact the relay with
> ssl-smtp,username,passwd. for the specific e-mail destinations.

My point is that SSL and authenticated SMTP are unrelated, insofar as
making one or the other work. You can make SMTP-AUTH work over SSL, or in
clear-text, but neither is required for the other to work...they're
mutually exclusive to each other.

SMTP servers do not authenticate on a user level...and even when SMTP is
on an authenticated basis, it does not require SSL/TLS.

> in pine lingo (modifying the suggested configuration could be)
>
> aol.com my.isps.mail.server/ssl/novalidate-cert/user=username/passwd=foobar
> roadrunner.com my.isps.mail.server/ssl/novalidate-cert/user=username/passwd=foobar
>
> > Currently, authenticated SMTP is limited to connections between
> > client and server.
>
> Looks like - it is not possible to set up what I want in
> postfix/sendmail. Here postfix would be the client - and the external
> smtp-relay is the server.

Does the external smtp relay server require user level authentication?

> I'm not running a mail server. I'm just using a local sendmail (aka
> postfix) for all my outgoing mail from pine. I decided to do this - as
> I can't specify multiple smtp servers to 'pine'. (home/ work /
> somewhere in a hotel with network access etc..)

Whether you're running it as an actual mail server or not, Postfix is a
mail server daemon. While your postfix would be acting as a client to the
remote recipient server, it's still a server...after all, it is accepting
mail from your program (PINE, mutt, ELM, etc).

If you just want Pine to send through your ISP's mail server, you'll need
to configure PINE's smtp server settings.

To tell the truth, I'm not aware that any SMTP daemon has a setting to act
as an SMTP-AUTH client...just as an SMTP-AUTH server. If someone else has
knowledge to the contrary, please fill us in.

> I wonder how mutt users would do this (on their laptops) - as for mutt
> - the correct tool to handle outgoing mail is a local sendmail (not
> the ISP's smtp relay)

Why? If, like PINE, mutt allows the setting of an outbound SMTP server,
why would using that outbound SMTP server not be the correct tool for the
purpose? Especially if PINE or mutt can be configured to pass a username
and password for authentication purposes?

And if user level authentication is not actually required by the remote
SMTP server, then PINE or mutt's remote SMTP options should work just
fine.

--
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000

To be notified of updates to the web site, send a message to:

site-update-request@xxxxxxxxxxxxxxxxx

with a message of:

subscribe
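
Added example, not part of the original message or of Postfix: the thread's point that STARTTLS and SMTP AUTH are advertised independently can be checked from a relay's EHLO replies. This sketch parses those replies and reports whether a login would travel inside TLS or in clear text. The hostnames, sample replies, function names and verdict labels are all constructed for illustration.

```python
# Added example (not from the thread). Hostnames and replies are constructed.

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} for a multi-line 250 EHLO reply."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:      # line 1 is the greeting
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError(f"not a 250 reply line: {line!r}")
        # Some servers also send the legacy "AUTH=LOGIN PLAIN" spelling.
        words = line[4:].upper().replace("AUTH=", "AUTH ", 1).split()
        if words:
            caps[words[0]] = words[1:]
    return caps

def assess(plain_reply, tls_reply=None):
    """Compare capabilities seen before and (optionally) after STARTTLS."""
    plain = parse_ehlo(plain_reply)
    tls = parse_ehlo(tls_reply) if tls_reply else {}
    result = {
        "starttls": "STARTTLS" in plain,
        "auth_before_tls": plain.get("AUTH", []),
        "auth_after_tls": tls.get("AUTH", []),
    }
    if not result["auth_before_tls"] and not result["auth_after_tls"]:
        result["verdict"] = "no-auth"            # relay asks for no login
    elif result["starttls"] and result["auth_after_tls"]:
        result["verdict"] = "auth-over-tls"      # login offered inside TLS
    elif result["starttls"]:
        result["verdict"] = "starttls-first"     # upgrade before sending AUTH
    else:
        result["verdict"] = "auth-in-cleartext"  # password readable on the wire
    return result

# Constructed sample replies.
TLS_ONLY = "250-mail.example.net\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
AFTER_TLS = "250-mail.example.net\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
AUTH_ONLY = "250-relay.example.net\n250-AUTH=LOGIN PLAIN\n250 HELP"

if __name__ == "__main__":
    for name, args in [("TLS, no AUTH", (TLS_ONLY,)),
                       ("AUTH inside TLS", (TLS_ONLY, AFTER_TLS)),
                       ("AUTH, no TLS", (AUTH_ONLY,))]:
        print(f"{name:16} -> {assess(*args)['verdict']}")
```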