From: Jordi Espasa Clofent on 21 Apr 2010 03:53
I've configured a TLS/SSL smtpd in a box as follows:
# postconf -n | grep -i tls
smtpd_tls_cert_file = /usr/local/home/example.com.crt
smtpd_tls_key_file = /usr/local/home/example.com.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/usr/local/etc/postfix/smtpd_cache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
The cert is a wildcard certificate for *.example.com.
When the MUA (tested in Microsoft Outlook and Mazilla Thunderbird) tries
to send email using this box, it show a warning about the cert. It
happens when it try connection using STARTTLS (port 25) and also TLS/SSL
The box is named mai.example.com, so I understand a wildcard certificate
(*.example.com) should be enough.
I must not fear. Fear is the mind-killer. Fear is the little-death that
brings total obliteration. I will face my fear. I will permit it to pass
over me and through me. And when it has gone past I will turn the inner
eye to see its path. Where the fear has gone there will be nothing. Only
I will remain.
Bene Gesserit Litany Against Fear.