Jason Mitchell wrote:
> Everything you have written is totally accurate, but self signed
> certificates for SMTP may be going away.
>
> The latest version of Thunderbird requires a valid certificate on
> the SMTP server it uses.
>
> (Sorry for the formatting, I can't send mail from my laptop until I
> fix the certificate issue (: )

Uhm... yes... your formatting is problematic. Your message was missing entirely from the plain text version of the message! That's not good. That made things super confusing. It only appeared in the HTML text version of the message. I had to dig it out! :-)

I am not using Thunderbird (mutt user here) but I must ask for clarification. Perhaps there are other Thunderbird users who know?

As far as I know Thunderbird will *read* mail using many possible different protocols, perhaps the most typical today being IMAPS using a TLS IMAP connection, and that TLS connection needs a valid certificate. That is most easily done using Let's Encrypt and a Domain Validation certificate. Works great. Zero cost. Dovecot is typical to serve IMAPS.

Then Thunderbird will *send* mail using again many possible protocols but perhaps most typically using an authenticated SMTP to the submission port 587 on the configured mail server. Postfix is my preference. This outbound connection to the submission port will use STARTTLS most typically and will require authentication credentials. An account name and password. This TLS connection would most typically be a self-signed certificate but again a Domain Validation DV certificate using Let's Encrypt is easily available on the server side of things.

I have more than a few times seen certificates that were at one time valid but long expired being used for this purpose. Because there is not a hard requirement that they validate. And so no one notices. Because nothing breaks when they expire.

This TLS outbound *may* also use certificates for authentication of the user. That is of course the "BEST" method but most mailbox service providers of which I am aware use traditional account names and passwords because... Consumers! Consumers are people and usually not very technical and therefore passwords are the least amount of support for getting them hooked up for outbound email.

I apologize to the group for monopolizing the conversation with so many mail messages here today. Sorry!

Bob
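
Added example, not part of the original message: a Python check that connects to a submission port the way a strictly validating mail client would (STARTTLS with full chain and hostname validation) and reports why the certificate is rejected or how long it has left, so an expired certificate gets noticed. The function names and the 14-day warning threshold are assumptions made for this example.

```python
import smtplib
import ssl
import time

def days_left(cert, now=None):
    """Days until notAfter for a dict in ssl getpeercert() format.
    Negative means the certificate has already expired."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400

def expiry_status(cert, now=None, warn_days=14):
    """Classify a parsed certificate by its remaining lifetime."""
    remaining = days_left(cert, now)
    if remaining < 0:
        return "expired"
    if remaining < warn_days:
        return "expiring-soon"
    return "ok"

def probe_submission(host, port=587, timeout=10):
    """Probe host:port as a strict client would. Returns a short
    status string; the certificate is only inspected after it has
    passed chain and hostname validation."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname check
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.starttls(context=ctx)
            return expiry_status(smtp.sock.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        # Self-signed, expired, or wrong-name certificates land here.
        return "rejected: " + exc.verify_message
    except smtplib.SMTPNotSupportedError:
        return "no-starttls"

# Constructed sample in getpeercert() format, for offline use.
SAMPLE_CERT = {"notAfter": "Dec 31 00:00:00 2029 GMT"}
SAMPLE_NOT_AFTER = 1893369600  # same instant as epoch seconds

if __name__ == "__main__":
    import sys
    # Usage: python check_submission.py <mail server hostname>
    print(probe_submission(sys.argv[1]))
```

Run from cron against the server's public hostname, any output other than `ok` is worth an alert.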
