From: Victor Duchovni on
On Mon, Feb 08, 2010 at 04:49:44PM +0000, Michele Carandente wrote:

> Well, I'm making a kind of GUI because it must be implemented in
> another product.
>
> Anyway, coming back to my old question, I think I'm ok with SMTP authentication.
>
> Now I've just to setup how to change the encryption (SSL or TLS) and
> then I'm happy :p

It is not "SSL *or* TLS", it is "SSL/TLS", the two are the same, just
different revision levels of a single protocol:

SSL 2   - Obsolete Netscape SSL protocol
SSL 3   - Version 3.0 of the SSL protocol
TLS 1.0 - Version 3.1 of the SSL protocol, an IETF standard
TLS 1.1 - Version 3.2 of the SSL protocol, an IETF standard
TLS 1.2 - Version 3.3 of the SSL protocol, an IETF standard

You can safely disable SSLv2. Now there is also a separate question
of how SSL/TLS is used, STARTTLS versus wrapper-mode. See a recent
post by Noel Jones in the list archive.

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment. If you are interested, please drop me a note.
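
The version numbering in the message above is visible on the wire: the first bytes a client sends carry a (major, minor) pair. The following is an added example, not part of the original post, that classifies a client's opening bytes by framing and offered version. The function names and the truncated sample byte strings are constructed for illustration.

```python
import struct

# Wire (major, minor) pairs and the names used in the list above.
VERSION_NAMES = {(3, 0): "SSL 3", (3, 1): "TLS 1.0",
                 (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
HANDSHAKE, CLIENT_HELLO = 22, 1  # record content type, handshake msg type


def version_name(major, minor):
    return VERSION_NAMES.get((major, minor), "unknown %d.%d" % (major, minor))


def classify_client_hello(data):
    """Return (framing, offered_version) for the first bytes a client sends."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    # SSL 2 framing: 2-byte length with the high bit set, then message
    # type 1 (CLIENT-HELLO), then the highest version the client offers.
    if data[0] & 0x80 and data[2] == CLIENT_HELLO:
        major, minor = data[3], data[4]
        if (major, minor) == (0, 2):
            return ("SSL 2 record", "SSL 2")
        return ("SSL 2 record", version_name(major, minor))
    # SSL 3 / TLS framing: content type, record version, length.
    ctype, rec_major, _rec_minor, length = struct.unpack("!BBBH", data[:5])
    if ctype != HANDSHAKE or rec_major != 3:
        raise ValueError("not an SSL/TLS handshake record")
    body = data[5:5 + length]
    if len(body) < 6 or body[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    # Handshake header: 1 byte type + 3 bytes length; client_version follows.
    return ("SSL 3/TLS record", version_name(body[4], body[5]))


def sample_hello(major, minor):
    # Constructed, truncated ClientHello: only the version field is present.
    hs = bytes([CLIENT_HELLO, 0, 0, 2, major, minor])
    return bytes([HANDSHAKE, 3, 1]) + struct.pack("!H", len(hs)) + hs


# Constructed, truncated SSL 2 CLIENT-HELLO offering version 0.2 only.
SSL2_HELLO = bytes([0x80, 0x09, 0x01, 0x00, 0x02, 0, 3, 0, 0])

if __name__ == "__main__":
    for blob in (sample_hello(3, 1), sample_hello(3, 3), SSL2_HELLO):
        print(classify_client_hello(blob))
```

Clients that support versions newer than those listed above advertise them in a ClientHello extension, which this sketch does not parse.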

From: Victor Duchovni on
On Mon, Feb 08, 2010 at 05:22:41PM +0000, Michele Carandente wrote:

> smtp_tls_cert_file = /etc/postfix/smtpd.cert
> smtp_tls_key_file = /etc/postfix/smtpd.key

Set these empty, you don't need them.

> smtp_use_tls = yes

Obsolete, set:

smtp_tls_security_level = may

> smtp_tls_scert_verifydepth = 9

Don't set this to the default, just leave it out, unless you want
a smaller value for some reason.

--
Viktor.
