From: Scott on 4 Apr 2007 03:54

Hi,

Not sure if this is the right list to post this question, but I'm just getting introduced to TLS (not to mention the details of certificates in general) and I'm wondering if anyone can answer a few questions I have. There is a lot of information out there, but it's always difficult to find definitive answers, so hopefully you guys can save me some time. I'm using the latest version of Postfix, though I'm generally interested in how other MTAs deal with TLS and how it is used in the wild.

Q. How do sites that accept mail for multiple domains support TLS for all of them? Postfix doesn't appear to have an answer to this at the moment, as you can only specify a single SMTPD certificate/private key, and if you were to purchase a certificate I'm not clear on whether it would be tied to your hostname or mail domain? Example: I accept mail for both domain1.com and domain2.net, and I want my single mail server to accept TLS connections for both. How do people generally do this?

Q. How do sites with multiple email servers support TLS? Do they buy a single certificate that is hostname-agnostic and use it across all boxes, or buy one for each box? And if both are possible, what's more common?

Q. How prevalent is TLS usage in the wild? I ask this because if I set my baseline client-side config to attempt TLS (i.e. smtp_tls_security_level = may), how often will I randomly hit a server that supports TLS? Is it even common for people to do this, or is it more common to establish a relationship beforehand (possibly including the exchange of CA certs, if necessary) and do domain-specific configurations?

Q. How much additional overhead will the use of TLS cause? If I send a lot of email to a few domains and they all happen to support TLS, will this significantly slow down my heavily-loaded email servers?

Yes, I know - a lot of questions (and I probably have more I forgot to ask). I guess I'm just thus far dissatisfied with the amount of information around the generalities of TLS (or unable to find it, anyways). I'm hoping to get some very experienced perspectives on the above questions to guide me.

Thanks for all your help!

Scott.
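The third question above hinges on what `smtp_tls_security_level = may` actually does when the remote MTA does or does not advertise STARTTLS in its EHLO reply. The following is an added example, not code from the original post or from Postfix itself: it parses EHLO responses (constructed by hand for this example, using the hypothetical hostnames mx.example.net and mx.example.org) and shows the decision each of the levels `none`, `may` and `encrypt` leads to. The `decide_tls` helper is a simplified model of the Postfix policy, not the Postfix implementation; `probe_live` is an optional real-network check that only sends EHLO and is not exercised by the tests.

```python
"""Added example (not from the original post): what opportunistic TLS
(smtp_tls_security_level = may) decides when a remote MTA does or does not
advertise STARTTLS.  The EHLO responses below are constructed for this
example; nothing here touches the network unless probe_live() is called.
"""
import smtplib

# Constructed sample EHLO responses, as an SMTP client would receive them.
# Hostnames are hypothetical.
EHLO_WITH_STARTTLS = (
    "250-mx.example.net\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250 8BITMIME\r\n"
)
EHLO_WITHOUT_STARTTLS = (
    "250-mx.example.org\r\n"
    "250-PIPELINING\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(response: str) -> set:
    """Return the set of EHLO keywords (upper-cased) a server advertised.

    Each line is '250-KEYWORD [params]' except the last, '250 KEYWORD'.
    The first line carries the server's greeting name, not an extension,
    so it is skipped.
    """
    lines = [ln for ln in response.split("\r\n") if ln]
    keywords = set()
    for ln in lines[1:]:
        if not ln.startswith("250"):
            raise ValueError(f"unexpected EHLO line: {ln!r}")
        body = ln[4:].strip()  # drop '250-' or '250 '
        if body:
            keywords.add(body.split()[0].upper())
    return keywords


def decide_tls(response: str, level: str) -> str:
    """Map a Postfix-style smtp_tls_security_level onto a decision.

    Returns 'plaintext', 'starttls' or 'defer'.  Only the three levels
    relevant to the question are modelled: none, may, encrypt.  This is a
    simplified model of the policy, not Postfix's own code.
    """
    offers_tls = "STARTTLS" in parse_ehlo(response)
    if level == "none":
        return "plaintext"
    if level == "may":
        # Opportunistic: use TLS when offered, otherwise fall back silently.
        return "starttls" if offers_tls else "plaintext"
    if level == "encrypt":
        # Mandatory: a server without STARTTLS gets the mail deferred,
        # never sent in the clear.
        return "starttls" if offers_tls else "defer"
    raise ValueError(f"unsupported level: {level}")


def probe_live(host: str, port: int = 25, timeout: float = 10) -> bool:
    """Ask a real MX whether it advertises STARTTLS.

    Needs network access and is not run by the tests.  Only EHLO is sent;
    no mail is delivered.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        return s.has_extn("starttls")


if __name__ == "__main__":
    for name, resp in (("with STARTTLS", EHLO_WITH_STARTTLS),
                       ("without STARTTLS", EHLO_WITHOUT_STARTTLS)):
        for lvl in ("none", "may", "encrypt"):
            print(f"{name:17s} level={lvl:8s} -> {decide_tls(resp, lvl)}")
```

The point the example makes is the one a practitioner should keep in mind before reading `may` as "secure": with `may`, a peer that does not advertise STARTTLS (or an on-path attacker that removes the keyword from the EHLO reply) simply gets the message in plaintext, and the sender does not verify the peer's certificate. Only `encrypt` and the verifying levels refuse to send without TLS, which is why opportunistic TLS costs nothing in deliverability but also guarantees nothing against an active attacker.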