Re: Any resolution?

on 2010-10-21 08:27 am (UTC)
warthog9: Warthog9 (Default)
Posted by [personal profile] warthog9
Depends on what exactly is the problem you are seeing. If it's identical to the problem I have above, then no. Generally speaking SSL is not particularly effective from an e-mail perspective, only really preventing casual eavesdropping. Because the SSL connection isn't verified by a human anywhere almost all mail servers will blindly accept any SSL certificate given to them.

I.E. for e-mail there isn't a lot of point in getting a commercially signed SSL cert. Kernel.org, *FOR E-MAIL* uses a self signed certificate for reference*. The way I fixed the above was to pass the certificate as both the CA and the certificate, or basically that I trust myself from a certificate standpoint.

I haven't tried using CACert certs for mail, but depending on the error it could be (off the top of my head)

- Missconfigured CA / key in postfix
- Can other mail servers, other than exchange communicate with you via ssl? Can you open a connection to the mail server using raw openssl (google for how to do this)

- Does it seem to only be Exchange based systems that are suffering from a miss-communication?

- Could be, though I doubt, people blocking CACerts for not being secure or verifiable enough.

Just some thoughts anyway.

*: We have access to commercial certificates, kindly donated by Thawte, but since e-mail certs are basically never verified there isn't a lot of point in using those, and the self signed cert I can set like a 10-20 year timeout on and not have to worry about for a while.
From:
Anonymous( )Anonymous This account has disabled anonymous posting.
OpenID( )OpenID You can comment on this post while signed in with an account from many other sites, once you have confirmed your email address. Sign in using OpenID.
User
Account name:
Password:
If you don't have an account you can create one now.
Subject:
HTML doesn't work in the subject.

Message:

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.

Profile

warthog9: Warthog9 (Default)
warthog9

December 2014

S M T W T F S
 123456
78910111213
141516 17181920
21222324252627
28293031   

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Jul. 28th, 2017 02:31 am
Powered by Dreamwidth Studios