I'm setting up SASL with TLS for remote clients. As an additional
security measure, I would like the server to ask the email clients to
present their client certificates. According to the docs, this is
accomplished with:
smtpd_tls_ask_ccert = yes
But there are some ominous warnings about

2009/8/21 Florin Andrei flo...@andrei.myip.org:
I'm setting up SASL with TLS for remote clients. As an additional security
measure, I would like the server to ask the email clients to present their
client certificates. According to the docs, this is accomplished with:
smtpd_tls_ask_ccert =

Barney Desmond wrote:
Of course, you couldn't enforce this except on a
non-public-facing system, or on the submission port (587).
Actually, that's exactly what I just did. I configured a separate
listener on 587 and moved all TLS stuff to it. I was reluctant to do so
at first (the client is

* Florin Andrei flo...@andrei.myip.org:
I'm setting up SASL with TLS for remote clients. As an additional
security measure, I would like the server to ask the email clients to
present their client certificates. According to the docs, this is
accomplished with:
smtpd_tls_ask_ccert = yes

Ralf Hildebrandt wrote:
Aug 20 22:49:01 server postfix/smtpd[7724]: connect from
unknown[XXX.YYY.ZZZ.KKK]
Aug 20 22:49:02 server postfix/smtpd[7724]: setting up TLS connection
from unknown[XXX.YYY.ZZZ.KKK]
Aug 20 22:49:02 server postfix/smtpd[7724]: Anonymous TLS connection
established from

On Fri, Aug 21, 2009 at 06:09:52AM -0500, Noel Jones wrote:
Ralf Hildebrandt wrote:
Aug 20 22:49:01 server postfix/smtpd[7724]: connect from
unknown[XXX.YYY.ZZZ.KKK]
Aug 20 22:49:02 server postfix/smtpd[7724]: setting up TLS connection
from unknown[XXX.YYY.ZZZ.KKK]
Aug 20 22:49:02 server

Victor Duchovni wrote:
On Fri, Aug 21, 2009 at 06:09:52AM -0500, Noel Jones wrote:
Ralf Hildebrandt wrote:
Aug 20 22:49:01 server postfix/smtpd[7724]: connect from
unknown[XXX.YYY.ZZZ.KKK]
Aug 20 22:49:02 server postfix/smtpd[7724]: setting up TLS connection
from unknown[XXX.YYY.ZZZ.KKK]
Aug

Noel Jones:
Victor Duchovni wrote:
On Fri, Aug 21, 2009 at 06:09:52AM -0500, Noel Jones wrote:
Ralf Hildebrandt wrote:
Aug 20 22:49:01 server postfix/smtpd[7724]: connect from
unknown[XXX.YYY.ZZZ.KKK]
Aug 20 22:49:02 server postfix/smtpd[7724]: setting up TLS connection
from

On Fri, Aug 21, 2009 at 12:35:38PM -0400, Wietse Venema wrote:
I looked up TLS_README, and it would not hurt to have a short
sentence here and there to define terminology.
Will the following do?
Index: proto/TLS_README.html
--- proto/TLS_README.html 28 Apr 2009 21:44:30 -