On Sun, Jun 1, 2014 at 6:32 PM, Brian J. Rogers <[email protected]> wrote:

> On Sun, Jun 1, 2014 at 6:24 PM, Corey Edwards <[email protected]> wrote:
>
> > How many users will you have? Are they technical? If it's just for
> > yourself, a self-signed cert may be OK. The first time you set up a client,
> > you'll have to accept the cert. Other than that, not usually a problem. If
> > you have other, non-techie users then it's nice to have a proper cert.
>
> It will be just me.

I wouldn't worry about it too much then. Startcom offers free certificates and they work ok.

> > You could block access to the non-TLS ports (port 25, 110, 143). That would
> > have the effect. If your server supports it, you could require STARTTLS on
> > the standard ports.
>
> I don't know what would support it. I'm not sure if I should try
> Postfix/Dovecot again, or if I should use another stack.

I'm really not an expert on either, and honestly it's been a few years since I've seriously done any mail stuff. But looks like Dovecot does support a TLS-only option.

http://wiki2.dovecot.org/SSL/DovecotConfiguration

> > Sure, but it depends on your server software. For example in Exim, you can
> > write an ACL to require encryption:
> >
> > acl_check_rcpt:
> >   deny message = TLS encryption required
> >        !encrypted = *
>
> Good to know for Exim, I'm undecided on what I should use for the service.
> I'm open to either.

I've always liked Exim. It's extremely flexible, although a little convoluted. Not quite Sendmail level convoluted (that's a high bar to hit) though.

Corey

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
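
One way to confirm the "require STARTTLS on the standard ports" setup discussed in this message, as an added example that is not part of the original email: the script audits capability lists captured on the plaintext ports and reports anything that still allows a login before TLS. The function names are hypothetical and the transcripts are constructed sample input, not output from a real server.

```python
import re

def audit_smtp(ehlo_reply: str) -> list[str]:
    """Audit an EHLO reply captured on a plaintext SMTP connection."""
    caps = {}
    for line in ehlo_reply.strip().splitlines()[1:]:  # first line is the hostname
        if not line.startswith("250") or len(line) < 5:
            continue
        keyword, *params = line[4:].split()
        caps[keyword.upper()] = [p.upper() for p in params]
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    if "AUTH" in caps:  # credentials could be sent in the clear
        findings.append("AUTH offered before TLS: " + " ".join(caps["AUTH"]))
    return findings

def audit_imap(greeting: str) -> list[str]:
    """Audit the CAPABILITY list from a plaintext IMAP greeting (port 143)."""
    m = re.search(r"CAPABILITY ([^\]\r\n]+)", greeting)
    caps = set(m.group(1).upper().split()) if m else set()
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    if "LOGINDISABLED" not in caps:  # RFC 3501: LOGIN is refused until TLS is up
        findings.append("LOGIN allowed before TLS")
    plain = sorted(c for c in caps if c in ("AUTH=PLAIN", "AUTH=LOGIN"))
    if plain:
        findings.append("plaintext SASL before TLS: " + " ".join(plain))
    return findings

# Constructed sample captures (hypothetical host mail.example.org).
WEAK_SMTP = "250-mail.example.org\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 8BITMIME\n"
STRICT_SMTP = "250-mail.example.org\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME\n"
WEAK_IMAP = "* OK [CAPABILITY IMAP4rev1 IDLE AUTH=PLAIN] ready"
STRICT_IMAP = "* OK [CAPABILITY IMAP4rev1 IDLE STARTTLS LOGINDISABLED] ready"

if __name__ == "__main__":
    for name, result in [("smtp weak", audit_smtp(WEAK_SMTP)),
                         ("smtp strict", audit_smtp(STRICT_SMTP)),
                         ("imap weak", audit_imap(WEAK_IMAP)),
                         ("imap strict", audit_imap(STRICT_IMAP))]:
        print(name, "->", result or "ok")
```

An empty result only shows that the server withholds login until TLS is negotiated; blocking ports 25, 110 and 143 outright is a firewall change and has to be checked separately.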
