will trillich wrote:
> could you be a little less specific? (just kidding. ;)
>
> "You set up your server to support TLS"... at which point i
> start slamming the oven door on my head again.

Really, it's not that hard. apt-get install <server>-tls. They set up
certs for you. I went the extra mile to set up myself as a top-level CA
(http://kitenet.net/~joey/ca/), but that is strictly optional.

I used openssl to convert my laptop's /etc/exim/exit.crt to a
fingerprint, and added the fingerprint to /etc/postfix/relay_clientcerts
on the server:

00:EE:19:03:A5:01:B3:F6:16:BE:5A:C4:10:AA:E7:BE dragon

To /etc/postfix/main.cf on the server I added these lines:

smtpd_use_tls = yes
smtpd_tls_ask_ccert = yes
smtpd_recipient_restrictions = permit_tls_clientcerts,permit_mynetworks,check_relay_domains
relay_clientcerts = hash:/etc/postfix/relay_clientcerts
smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache

I used postmap to hash the relay_clientcerts file.

> and how does he generate such a certificate? (he's using
> microso~1 outhouse, of course.)

Oh, I had assumed your friend was using free software. No idea how or if
you can use TLS with proprietary software, sorry.

--
see shy jo
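The fingerprint step described in the message, as an added example that is not part of the original post. It assumes the server compares MD5 fingerprints (the quoted value is 16 bytes, the length of an MD5 digest); the function names and the throwaway certificate with CN dragon.example are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a relay_clientcerts entry from a client certificate.

# Print "<fingerprint> <name>" for the PEM certificate in $1.
# Assumption: the server matches on the MD5 fingerprint of the certificate.
cert_to_relay_line() {
    cert=$1
    name=$2
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
    # openssl prints "<digest> Fingerprint=AA:BB:..."; keep the part after "=".
    fp=$(openssl x509 -in "$cert" -noout -fingerprint -md5) || return 1
    fp=${fp#*=}
    # Refuse anything that is not 16 colon-separated hex bytes, so a
    # malformed line never reaches the lookup table.
    echo "$fp" | grep -Eq '^([0-9A-F]{2}:){15}[0-9A-F]{2}$' || {
        echo "unexpected fingerprint format: $fp" >&2
        return 1
    }
    printf '%s %s\n' "$fp" "$name"
}

# Create a throwaway self-signed certificate (constructed sample input,
# standing in for the client's real certificate).
make_constructed_cert() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=dragon.example" \
        -keyout "$dir/client.key" -out "$dir/client.crt" 2>/dev/null
}

# Generate the sample certificate and print the table line for it.
demo() {
    tmp=$(mktemp -d) || return 1
    make_constructed_cert "$tmp" &&
        cert_to_relay_line "$tmp/client.crt" dragon
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo
```

The printed line is what gets appended to /etc/postfix/relay_clientcerts on the server, after which postmap is run on that file as the message describes.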