Re: per-person SMTP client



On Wed, Jan 26, 2005 at 08:48:52AM +0100, martin f krafft wrote:
> also sprach Craig Sanders <cas@taz.net.au> [2005.01.26.0230 +0100]:
> > your best bet is to rent a co-lo server somewhere and run postfix
> > on it.
> 
> I am doing so, currently using TLS client certificates to authenticate
> relaying.

perfect.

> However, certificates expire and I do not have a real CA
> infrastructure, so management is just a little too much when the
> number of workstations rises as it did since the beginning of the new
> year.

huh?   don't tell me you've fallen for the self-serving lies of the ssl
certificate industry?  a self-generated certificate is as good as one of their
X hundred dollar certificates - especially if you are only using it to
authenticate your own clients on your own server.  the only time an expensive
cert is better is when securing a web site - and even then, only because the
CA's certificate is pre-loaded into common browsers like IE & Mozilla & Opera
etc (thus avoiding an excessively scary looking dialog box).

if you have openssl then you have a "real CA infrastructure".

it's easy to use the CA.pl script that comes with openssl - and you can set
the expiry time to whatever you want (i typically use 10 years or 3652 days
for mail client certificates).

IIRC, i posted a script (a trivial wrapper around openssl) here a few months
ago which mostly automates the creation of certificates for postfix servers
and for end-user mail clients.

> So, instead of requiring admin control of the postfix clients I want
> my users to have SMTP clients they can control, which integrate well
> with the rest of UNIX.

i don't understand that either.  if they're running unix, they have
access to any one of dozens of smtp clients and servers.

craig

-- 
craig sanders <cas@taz.net.au>           (part time cyborg)
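The "openssl is your CA" point above, as an added example rather than the wrapper script Craig mentions posting: a private CA that issues ten-year (3652-day) client certificates and the checks a relay would apply to them. It assumes openssl on PATH; the directory, subject and user names are made up.

```shell
#!/bin/sh
# Added example, not the wrapper Craig refers to: a minimal private CA for
# postfix TLS client-certificate relaying, using only the openssl CLI.
# Assumes openssl is on PATH; directory, subject and user names are made up.
set -eu

DAYS=3652   # the ten-year client lifetime mentioned in the message

# Create a self-signed CA key and certificate in directory $1.
make_ca() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$DAYS" \
        -subj "/CN=Example Mail CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue a client certificate for user $2, signed by the CA in directory $1.
issue_client() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -sha256 -days "$DAYS" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -in "$1/$2.csr" -out "$1/$2.crt" 2>/dev/null
}

# What the server side effectively checks: does certificate $2 chain to CA file $1?
verify_client() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if certificate $1 is still valid $2 seconds from now.
not_expiring_within() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# SHA-256 fingerprint of certificate $1, the value a postfix relay_clientcerts
# table is keyed on when smtpd_tls_fingerprint_digest = sha256.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}
```

A certificate from any CA other than the one in ca.crt fails verify_client, which is why no commercial CA is needed for this use.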