Hi,

The latest snapshot has some very experimental code that needs HEAVY
testing, in particular the following:

    - complete rework of SSL setup in smtpd.conf
    - introduce mandatory client certificate verification
    - introduce mandatory server certificate verification
    - introduce mandatory TLS relaying for "relay" rules

This will BREAK your existing configuration.
From now on, to set up TLS/SMTPS you will have to prepare your
certificate information as follows:

    # first we set up certificate information for a hostname
    #
    pki mx.opensmtpd.org certificate "/path/to/certificate"
    pki mx.opensmtpd.org key "/path/to/key"

    # then we reference it
    #
    listen on all tls pki mx.opensmtpd.org

    accept for any relay via tls://my.hub pki mx.opensmtpd.org


In addition, you can turn on STRICT checking of peer certificates:

   # refuse clients that do not provide a VALID certificate
   listen on all tls-require verify [...]

   # do not relay if my.hub did not provide a VALID certificate
   accept for any relay via tls://my.hub verify [...]


And finally, you can decide to break your email experience
by refusing to relay to ANY MX that doesn't support TLS:

   accept for any relay tls

or that doesn't also provide a VALID certificate:

   accept for any relay tls verify


PLEASE TEEEEEEEST THIS SNAPSHOT !
PLEASE TEEEEEEEST THIS SNAPSHOT !
PLEASE TEEEEEEEST THIS SNAPSHOT !
PLEASE TEEEEEEEST THIS SNAPSHOT !
PLEASE TEEEEEEEST THIS SNAPSHOT !
PLEASE TEEEEEEEST THIS SNAPSHOT !
PLEASE TEEEEEEEST THIS SNAPSHOT !
PLEASE TEEEEEEEST THIS SNAPSHOT !


Thanks ;-)
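A pre-flight check for a configuration migrated to the syntax in the mail above, as an added example that is not part of the original message or of OpenSMTPD: it reports `pki` names referenced by `listen`/`accept` rules that lack a `certificate` or `key` line, and lists which TLS keywords each relay rule carries. The function name `audit`, the host `mx2.example.org` and the sample configuration are constructed for illustration, and the parser assumes one directive per line with no `#` inside quoted paths.

```python
# Constructed sample in the syntax shown in the announcement (not a real config).
SAMPLE = '''\
pki mx.opensmtpd.org certificate "/path/to/certificate"
pki mx.opensmtpd.org key "/path/to/key"
pki mx2.example.org certificate "/path/to/other"
listen on all tls pki mx.opensmtpd.org
listen on lo0
accept for any relay via tls://my.hub pki mx2.example.org
accept for any relay tls verify
'''

def audit(conf):
    """Return (problems, posture) for smtpd.conf text using the pki syntax.

    problems: (line, pki name, missing parts) for each incomplete reference
    posture:  (line, keywords present) for each "relay" rule
    """
    declared = {}              # pki name -> subset of {"certificate", "key"}
    refs, posture = [], []
    for no, raw in enumerate(conf.splitlines(), 1):
        words = raw.split("#", 1)[0].split()   # assumption: no '#' in paths
        if not words:
            continue
        if (words[0] == "pki" and len(words) >= 4
                and words[2] in ("certificate", "key")):
            declared.setdefault(words[1], set()).add(words[2])
            continue
        if words[0] not in ("listen", "accept"):
            continue
        # a "pki <name>" pair inside a listen/accept rule is a reference
        for i, w in enumerate(words[:-1]):
            if w == "pki":
                refs.append((no, words[i + 1]))
        if words[0] == "accept" and "relay" in words:
            tls = "tls" in words or any(w.startswith("tls://") for w in words)
            posture.append((no, "tls+verify" if tls and "verify" in words
                            else "tls" if tls else "no tls keyword"))
    problems = []
    for no, name in refs:
        missing = {"certificate", "key"} - declared.get(name, set())
        if missing:
            problems.append((no, name, sorted(missing)))
    return problems, posture

if __name__ == "__main__":
    print(audit(SAMPLE))
```
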