Musings of an Open Source BOFH
Re: Any resolution?
2010-10-21 08:27 am (UTC)
Depends on what exactly is the problem you are seeing. If it's identical to the problem I have above, then no. Generally speaking, SSL is not particularly effective from an e-mail perspective, only really preventing casual eavesdropping. Because the SSL connection isn't verified by a human anywhere, almost all mail servers will blindly accept any SSL certificate given to them.
I.e., for e-mail there isn't a lot of point in getting a commercially signed SSL cert. Kernel.org, *FOR E-MAIL*, uses a self-signed certificate for reference*. The way I fixed the above was to pass the certificate as both the CA and the certificate, or basically that I trust myself from a certificate standpoint.
I haven't tried using CACert certs for mail, but depending on the error it could be (off the top of my head)
- Misconfigured CA / key in postfix
- Can other mail servers, other than Exchange, communicate with you via SSL? Can you open a connection to the mail server using raw openssl (Google for how to do this)?
- Does it seem to only be Exchange-based systems that are suffering from a miscommunication?
- Could be, though I doubt it, people blocking CACerts for not being secure or verifiable enough.
Just some thoughts anyway.
*: We have access to commercial certificates, kindly donated by Thawte, but since e-mail certs are basically never verified there isn't a lot of point in using those, and the self-signed cert I can set like a 10-20 year timeout on and not have to worry about for a while.
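The "certificate as both the CA and the certificate" idea from the comment above, shown with plain `openssl` as an added example that is not part of the original comment or the commenter's configuration. The hostname, file names and the 10-year lifetime are constructed placeholders, and the Postfix side is not shown.

```shell
#!/bin/sh
# Added illustration: a self-signed certificate fails verification against
# the default trust store but verifies once it is supplied as its own CA.
# All names below are constructed placeholders, not values from the page.

# Create a throwaway self-signed cert and key in directory $1 (10-year lifetime).
make_selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes \
    -keyout "$1/key.pem" -out "$1/cert.pem" \
    -days 3650 -subj "/CN=mail.example.test" >/dev/null 2>&1
}

# Return 0 only if openssl reports the certificate as OK.
# $1 = certificate to check, $2 = optional CA file to trust.
# The output is parsed because older openssl releases exit 0 even on failure.
verifies() {
  if [ -n "$2" ]; then
    openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
  else
    openssl verify "$1" 2>&1 | grep -q ': OK$'
  fi
}

demo() {
  dir=$(mktemp -d) || return 1
  make_selfsigned "$dir" || { rm -rf "$dir"; return 1; }

  if verifies "$dir/cert.pem"; then
    echo "default trust store: OK"
  else
    echo "default trust store: rejected (no trusted issuer)"
  fi

  if verifies "$dir/cert.pem" "$dir/cert.pem"; then
    echo "cert used as its own CA: OK"
  else
    echo "cert used as its own CA: rejected"
  fi
  rm -rf "$dir"
}

demo
```

A peer that does not already hold this certificate as a trust anchor gets the first result, which is why the setup only protects against passive eavesdropping.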
Page generated Sep. 20th, 2017 12:12 am