So I have enabled TLS (though I forgot how I did this!) for sending/receiving mail. It ONLY took me a year from when I started working on this migration to finally pulling it off.

And of course, being on the cheap side, I used self-signed certificates. Well, I see some sites, including dovecot.org, rejecting emails.

Nov 20 10:19:45 z9m9z postfix/lmtp[4040]: 5CF7062110: to=<dove...@dovecot.org>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=12, delay=5890, delays=4534/1346/0.01/8.8, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04061-01-12, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8602A600B7)

Nov 20 10:19:46 z9m9z postfix/smtp[4090]: certificate verification failed for dovecot.org[137.117.229.219]:25: self-signed certificate


Lovely, lovely. I CAN understand this. After all, secure communications is my day job. But I don't like it. Does only accepting well-rooted certs matter for server performance? Are there really DoS attacks occurring on sites that accept self-signed certs (this listserver does not seem to be using TLS)?

So now I either turn off TLS for MTA-MTA communications, or I find a decent CA to get a cert from and I set it up right.

Do others here use self-signed certs in this way?
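A small scanner, added here as an example and not part of the original post, that pulls the client-side certificate verification failures and the subsequent TLS session outcomes out of Postfix smtp(8) log lines like the ones quoted above and tallies them per relay host and reason, which is the inventory an admin wants before tightening the outbound TLS policy. The sample log is constructed (example hosts, documentation IPs); the regexes assume the standard Postfix log wording.

```python
import re
from collections import Counter
# Client-side (smtp(8)) verification failure, e.g. "certificate verification
# failed for mx.example[192.0.2.10]:25: self-signed certificate"
VERIFY_FAIL = re.compile(
    r"postfix/smtp\[\d+\]: certificate verification failed for "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]:(?P<port>\d+): (?P<reason>.+)$"
)
# Handshake outcome; "Untrusted" = encrypted, but the peer cert was not verified.
TLS_OUTCOME = re.compile(
    r"postfix/smtp\[\d+\]: (?P<level>Untrusted|Trusted|Verified|Anonymous) "
    r"TLS connection established to (?P<host>[^\[\s]+)\["
)

def verification_failures(lines):
    """(host, ip, port, reason) for every verification failure in lines."""
    out = []
    for line in lines:
        m = VERIFY_FAIL.search(line.rstrip("\n"))
        if m:
            out.append((m["host"], m["ip"], int(m["port"]), m["reason"]))
    return out

def failure_tally(lines):
    """Failures per (host, reason): the peers that would become undeliverable
    if smtp_tls_security_level were raised from 'may' to a verifying level."""
    return dict(Counter((h, r) for h, _ip, _p, r in verification_failures(lines)))

def outcome_tally(lines):
    """Completed sessions per (host, level), to see whether mail still went
    out over an untrusted channel after a verification failure."""
    tally = Counter()
    for line in lines:
        m = TLS_OUTCOME.search(line)
        if m:
            tally[(m["host"], m["level"])] += 1
    return dict(tally)

# Constructed sample log (example hosts, documentation IPs), modelled on the post.
SAMPLE_LOG = [
    "Nov 20 10:19:46 z9 postfix/smtp[4090]: certificate verification failed "
    "for mx1.example.org[192.0.2.10]:25: self-signed certificate",
    "Nov 20 10:19:46 z9 postfix/smtp[4090]: Untrusted TLS connection established "
    "to mx1.example.org[192.0.2.10]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384",
    "Nov 20 10:21:02 z9 postfix/smtp[4091]: certificate verification failed "
    "for mx.example.net[198.51.100.7]:25: unable to get local issuer certificate",
    "Nov 20 10:30:40 z9 postfix/smtp[4093]: certificate verification failed "
    "for mx1.example.org[192.0.2.10]:25: self-signed certificate",
]
```

Run it over a real mail log (`failure_tally(open("/var/log/mail.log"))`) to list which peers present certificates your trust store cannot verify, and whether delivery to them currently completes as "Untrusted".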
