On 01/07/18 21:57, Zenaan Harkness wrote: >> Oh, use https:// and make sure any security is activated in conf.pl. > And with your self-issued snake oil certs, make sure you check and > confirm the cert on each device you want to use to access your > webmail server, from your home network, so that if you eventually > tunnel in or otherwise access it 'on the road', you have already > verified your own snake oil cert and a MITM should stand out like > unicorn balls. For any server on the internet, I don't see the point in using self-signed certs any more, now that letsencrypt gives you real ones for free. It's a bit more of a pain for a server that's only accessed internally, but still doable, if you can set up a dummy site for verification (there are ways to do it without a web server, but I haven't needed that yet) Richard
Attachment:
signature.asc
Description: OpenPGP digital signature