On 2013-09-09 12:10, Gilles Chehade wrote:
> 
> Hi,
> 
> The latest snapshot has some very experimental code that needs HEAVY
> testing, in particular the following:
> 
>     - complete rework of SSL setup in smtpd.conf
>     - introduce mandatory client certificate verification
>     - introduce mandatory server certificate verification
>     - introduce mandatory TLS relaying for "relay" rules
> 
> This will BREAK your existing configuration.
> From now on, to set up TLS/SMTPS you will have to prepare your
> certificate information as follows:
> 
>     # first we set up certificate information for a hostname
>     #
>     pki mx.opensmtpd.org certificate "/path/to/certificate"
>     pki mx.opensmtpd.org key "/path/to/key"
> 
>     # then we reference it
>     #
>     listen on all tls pki mx.opensmtpd.org

Looks like this works:
listen on egress port  25 tls pki mx1.ubertech.com.ar hostname "mx1.ubertech.com.ar"

While this doesn't:
listen on egress port  25 tls hostname "mx1.ubertech.com.ar" pki mx1.ubertech.com.ar

(Syntax error on line N)

> 
>     accept for any relay via tls://my.hub pki mx.opensmtpd.org
> 
> 
> In addition, you can turn on STRICT checking of peer certificates:
> 
>    listen on all tls-require verify [...]   # refuse clients that do not provide a VALID certificate
> 
>    accept for any relay via tls://my.hub verify [...]  # do not relay if my.hub did not provide a VALID certificate
> 
> 
> And finally, you can decide to break your email experience
> by refusing to relay to ANY MX that doesn't support TLS:
> 
>    accept for any relay tls
> 
> or that doesn't also provide a VALID certificate:
> 
>    accept for any relay tls verify
> 
> 
> PLEASE TEEEEEEEST THIS SNAPSHOT !
> PLEASE TEEEEEEEST THIS SNAPSHOT !
> PLEASE TEEEEEEEST THIS SNAPSHOT !
> PLEASE TEEEEEEEST THIS SNAPSHOT !
> PLEASE TEEEEEEEST THIS SNAPSHOT !
> PLEASE TEEEEEEEST THIS SNAPSHOT !
> PLEASE TEEEEEEEST THIS SNAPSHOT !
> PLEASE TEEEEEEEST THIS SNAPSHOT !
> 
> 
> Thanks ;-)

-- 
Hugo Osvaldo Barrera
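
An added example, not part of either message and not OpenSMTPD code: a small Python check that reads an smtpd.conf using only the directives quoted above and reports `pki` names that are referenced without both a certificate and a key, plus `listen` and `relay` rules that do not require TLS or do not use `verify`. The sample config and the name `mx2.example.org` are constructed, and the whitespace-token matching is an assumption that does not reproduce smtpd's own grammar.

```python
import shlex

# Constructed sample built from the directives shown in the announcement.
SAMPLE = """\
pki mx.opensmtpd.org certificate "/path/to/certificate"
pki mx.opensmtpd.org key "/path/to/key"
listen on all tls pki mx.opensmtpd.org
listen on all tls-require verify pki mx2.example.org
accept for any relay via tls://my.hub pki mx.opensmtpd.org
accept for any relay tls verify
accept for any relay
"""

def audit(conf):
    """Return a list of (line number, finding) for an smtpd.conf text."""
    defined = {}   # pki name -> subset of {"certificate", "key"}
    rules = []     # (line number, tokens) for listen/accept lines
    for n, raw in enumerate(conf.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # drops '#' comments and quotes
        if not tok:
            continue
        if tok[0] == "pki" and len(tok) >= 4:
            defined.setdefault(tok[1], set()).add(tok[2])
        elif tok[0] in ("listen", "accept"):
            rules.append((n, tok))

    findings = []
    for n, tok in rules:
        # A referenced pki name needs both halves defined somewhere in the file.
        if "pki" in tok[:-1]:
            name = tok[tok.index("pki") + 1]
            missing = {"certificate", "key"} - defined.get(name, set())
            if missing:
                findings.append((n, f"pki {name} lacks {', '.join(sorted(missing))}"))
        # Only listeners and relay rules carry the tls/verify options.
        if tok[0] == "listen" or "relay" in tok:
            uses_tls = any(t in ("tls", "tls-require") or t.startswith("tls://")
                           for t in tok)
            if not uses_tls:
                findings.append((n, "TLS not required"))
            elif "verify" not in tok:
                findings.append((n, "TLS without peer certificate verification"))
    return findings

if __name__ == "__main__":
    for line_no, msg in audit(SAMPLE):
        print(f"line {line_no}: {msg}")
```
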
