On Thu, Feb 25, 2010 at 10:30:00AM -0700, Michael Torrie wrote:
>
> Looks like most servers that my server talks to will allow TLS, and
> that's what my server defaults to when it can (sendmail). If everyone
> set it up that way then we'd be golden. Also if certificates were
> validated (my server currently does not validate), that would also act
> somewhat as a spambot deterrent.

On my laptop, I use Postfix with my home server as a relayhost. Last
night I was able to set up the laptop to verify the self-signed
certificate on the server (which was surprisingly simple). I just had
to do:

    smtp_tls_security_level = fingerprint
    smtp_tls_fingerprint_digest = sha1

and then set the smtp_tls_fingerprint_cert_match option based on the
output of:

    openssl x509 -fingerprint -noout -sha1 -in /secrets-mcnabbs/certs/mail.mcnabbs.org.crt

Anyway, I thought that might come in handy for someone.

By the way, I've always done self-signed certificates for home stuff
because it's not worth paying crooks like Verisign. Have things
improved recently? Are there any free certificate authorities that are
reasonable to work with?

-- 
Andrew McNabb
http://www.mcnabbs.org/andrew/
PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868

--------------------
BYU Unix Users Group
http://uug.byu.edu/

The opinions expressed in this message are the responsibility of their
author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
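
Added example, not part of the original message and not Postfix's own code: the fingerprint that the openssl command above prints is the SHA-1 digest of the certificate's DER encoding, and the sketch below computes it from a PEM file, compares it against a pinned value, and renders the three main.cf settings. The function names are hypothetical, and SAMPLE_PEM is a constructed placeholder (the base64 of the bytes "abc"), not a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder: the body decodes to b"abc", not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"


def pem_to_der(pem_text):
    """Return the DER bytes of the first certificate block in pem_text."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def fingerprint(der, digest="sha1"):
    """Digest of the DER bytes as colon-separated uppercase hex pairs."""
    h = hashlib.new(digest, der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def normalize(fp):
    """Accept 'SHA1 Fingerprint=AA:BB', 'aa:bb' or 'AABB' and return 'AABB'."""
    return fp.split("=", 1)[-1].replace(":", "").strip().upper()


def matches_pin(der, pinned, digest="sha1"):
    """True only if the certificate's fingerprint equals the pinned one."""
    return hmac.compare_digest(
        normalize(fingerprint(der, digest)), normalize(pinned))


def main_cf_lines(pem_text, digest="sha1"):
    """The three Postfix settings from the message, with the pin filled in."""
    fp = fingerprint(pem_to_der(pem_text), digest)
    return [
        "smtp_tls_security_level = fingerprint",
        "smtp_tls_fingerprint_digest = " + digest,
        "smtp_tls_fingerprint_cert_match = " + fp,
    ]


if __name__ == "__main__":
    print("\n".join(main_cf_lines(SAMPLE_PEM)))
```

Because the pin covers the whole certificate, reissuing the server certificate changes the fingerprint and the client's pinned value has to be updated at the same time.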
