From: James on
I currently use ssh to forward a local port to port 25 on my mail server.
I would like to submit mail on port 465 but I am on DHCP and I don't
want to update main.cf whenever I get a new IP (plus I have a laptop
that could be on any network).
I think I need to do something with client certificates?

From: Ansgar Wiechers on
On 2010-07-10 James wrote:
> I currently use ssh to forward a local port to port 25 on my mail
> server. I would like to submit mail on port 465

No, you wouldn't.

> but I am on DHCP and I don't want to update main.cf whenever I get a
> new IP (plus I have a laptop that could be on any network).
> I think I need to do something with client certificates?

No. You need a server certificate, enable submission (port 587/tcp, SASL
authentication), and point your clients to that port.

Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky

From: Christopher Hilton on

On Jul 10, 2010, at 1:52 PM, Ansgar Wiechers wrote:

> On 2010-07-10 James wrote:
>> I currently use ssh to forward a local port to port 25 on my mail
>> server. I would like to submit mail on port 465
>
> No, you wouldn't.
>
>> but I am on DHCP and I don't want to update main.cf whenever I get a
>> new IP (plus I have a laptop that could be on any network).
>> I think I need to do something with client certificates?
>
> No. You need a server certificate, enable submission (port 587/tcp, SASL
> authentication), and point your clients to that port.
>


Port 465/tcp is called "smtps" in master.cf. It's the old way of doing "secure smtp". It's a convenience for people who have to support clients running older versions of MS Outlook or MS Outlook Express. By default older versions of those clients would use SMTP+AUTH+Old Style TLS on port 465 to send mail. If you don't have to support these people just use port 587. If some of your user population is running Outlook Express 2003, turning on "smtps" with the restriction that they use SSL/TLS and SASL authentication is handy.

I support internet services for a small consulting firm that uses a postfix/courier server in a "virtual office" setup. All of my users are remote so I don't get to see what's on their screens as they configure things. Outlook Express can be convinced to use 587, but in my experience with my users I find that Outlook sometimes changes the port setting from 587 to 465 during configuration.

You will need a certificate for this but if the number of clients is small you don't have to go to Verisign or some other Trust agency.

-- Chris

Chris Hilton e: chris|at|vindaloo|dot|com
----------------------------------------------------------------------------
"The pattern juggler lifts his hand; The orchestra begin.
As slowly turns the grinding wheel in the Court of the Crimson King."
-- Ian McDonald / Peter Sinfield
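As an added illustration of the setup Ansgar and Chris describe above (submission on 587/tcp with a server certificate and SASL, plus the optional legacy "smtps" wrapper-mode service on 465/tcp), here is what the corresponding Postfix master.cf and main.cf entries look like. This is not configuration taken from any of the posters; the certificate and key paths are placeholders, and it assumes a SASL backend (Cyrus or Dovecot) is already configured for smtpd.

```conf
# master.cf (added example, not from the thread)
# service   type  private unpriv  chroot  wakeup  maxproc command + args
submission  inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# Only needed for legacy clients that insist on "old style" TLS on 465.
smtps       inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# main.cf (added example; replace the placeholder paths with your own)
smtpd_tls_cert_file = /etc/postfix/certs/PLACEHOLDER-server.crt
smtpd_tls_key_file  = /etc/postfix/certs/PLACEHOLDER-server.key
```

The point of `permit_sasl_authenticated,reject` on both services is that relaying is decided by a successful SASL login rather than by the client's source address, so a laptop on DHCP or on a foreign network needs no entry in mynetworks and no main.cf edits when its IP changes; `smtpd_tls_security_level=encrypt` makes sure those credentials are never sent over a cleartext session. Only a server certificate is involved, matching Wietse's point that neither TLS nor Postfix requires a client certificate here.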

From: Wietse Venema on
Christopher Hilton:
> Outlook express can be convinced to use 587 but my experience with
> my users I find that Outlook sometimes changes the port setting
> from 587 to 465 during configuration.
>
> You will need a certificate for this but if the number of clients
> is small you don't have to go to Verisign or some other Trust
> agency.

Are you sure that OUTLOOK requires a client certificate for this?
SSL and TLS don't require it, and neither does Postfix.

Wietse

From: Matt Hayes on
On Sunday, July 18, 2010 10:47:54 am Wietse Venema wrote:
> Christopher Hilton:
> > Outlook express can be convinced to use 587 but my experience with
> > my users I find that Outlook sometimes changes the port setting
> > from 587 to 465 during configuration.
> >
> > You will need a certificate for this but if the number of clients
> > is small you don't have to go to Verisign or some other Trust
> > agency.
>
> Are you sure that OUTLOOK requires a client certificate for this?
> SSL and TLS don't require it, and neither does Postfix.
>
> Wietse


I can tell you that Outlook does not require a certificate for SSL/TLS. I
have quite a few people at work that use Outlook and connect to our servers
using SSL; no certificate required.

-Matt