1. The certificate file and key file can be combined into a single file. In this case, I point SMTPSSL_CERTFILE and SMTPSSL_KEYFILE to the same file name. The resulting file looks something like this:
-----BEGIN RSA PRIVATE KEY-----
u8CHhzeCb+A6YQsBbaj5c7R7/W+Xe0ezeRxyDHXQkh1e2qxZAgMBAAGjDTALMAkG
+xV1vXpzAkEA4VWI15NRR3FMwGLCOM3vE1d3IzUTjwaIh8J2VzjIuUCvfGn5fq1o...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
jug59t9r2PENgC3MzwJAbrsDQN8s2c81ER1dh+tFBKFzS/wVG+UQOIRGirCBRgzx
Pw3OHzEIS+QEU3aTjPWNQReHOZduRgiymJmkjcllj11PvuMQ5xT2EUSSXnorpBOs...
-----END CERTIFICATE-----
Things work if the certificate and key are in different files too.
2. The certificate and key files need to be readable by the system account that controls my virtual domain, which is vmail. I've given my combined certificate/key file the permissions 400 and it is owned by vmail. I suspect permissions on the file would have to be much more lax if I were using individual system accounts for mail instead of one account servicing a virtual domain. Perhaps the certificate/key file(s) could be made readable by a supplementary group to which all mail users belong.
So there you go. Do you think this info would be worth putting into the TMDA FAQ somewhere?
I'm using Python 2.2 and TMDA 0.63 by the way.
Andrew
Jason R. Mastaler wrote:
Andrew <[EMAIL PROTECTED]> writes:

1. Who should own the certificate and key files? What do the permissions need to be on these files?

I'm actually not sure. I didn't have an SSL capable SMTP server to test with when I added this feature. You might just have to experiment to find the right combination.

2. Can the certificate file and key file be combined into a single file?

I don't believe so, no.
_____________________________________________
tmda-users mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-users
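
Added example, not part of the original message and not TMDA code: a Python 3 check for a certificate/key file laid out as in the message above, reporting which PEM blocks it holds and whether a file containing a private key is closed to group and other, as with the 400 mode described. The function names and the placeholder PEM bodies are constructed for illustration; the check is stricter than the group-readable variant the message speculates about.

```python
import os
import re
import stat
import tempfile

PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$")

def pem_labels(text):
    """Return the labels of the complete BEGIN/END blocks, in file order."""
    labels, current = [], None
    for line in text.splitlines():
        m = PEM_BEGIN.match(line)
        if m and current is None:
            current = m.group(1)
        elif current is not None and line.strip() == "-----END %s-----" % current:
            labels.append(current)
            current = None
    return labels

def audit_pem(path, expected_uid=None):
    """Return a list of problems with a certificate/key file (empty = OK)."""
    problems = []
    st = os.stat(path)
    with open(path) as fh:
        labels = pem_labels(fh.read())
    has_key = any(lab.endswith("PRIVATE KEY") for lab in labels)
    if not has_key and "CERTIFICATE" not in labels:
        problems.append("no complete PEM key or certificate block")
    # Only a file that holds a private key must be closed to group/other.
    if has_key and st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("private key accessible by group/other: mode %o"
                        % stat.S_IMODE(st.st_mode))
    if expected_uid is not None and st.st_uid != expected_uid:
        problems.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
    return problems

def demo():
    """Constructed sample: a combined key+certificate file with placeholder bodies."""
    sample = ("-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
              "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n")
    fd, path = tempfile.mkstemp(suffix=".pem")
    with os.fdopen(fd, "w") as fh:
        fh.write(sample)
    try:
        os.chmod(path, 0o400)   # owner read-only, as in the message
        strict = audit_pem(path, expected_uid=os.getuid())
        os.chmod(path, 0o444)   # world-readable: should be flagged
        lax = audit_pem(path, expected_uid=os.getuid())
    finally:
        os.remove(path)
    return strict, lax
```

On a real host, pass the numeric uid of the account the mail software runs as (vmail in the message) as expected_uid.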
