On Thu, Jul 16, 2009 at 09:33:24AM -0400, Linux Addict wrote:

> I am reading TLS page on postfix and here
> http://www.state-of-mind.de/assets/postfix_tls.pdf.
> 
> I have one last question. What I am trying to set up is: I have a set of hosts
> in the LAN which use postfix relay servers in the DMZ to send (secure) mails to one
> of our external clients. The external client insists on using a Verisign cert.

This is not sufficiently precise; what does "using" mean? Printing it
on a piece of paper and using it as bathroom wallpaper? :-)

You need to understand what role the private key and associated (Verisign or
other CA) certificate are to play in your communications with this party.

> In this scenario my postfix server will send mails to the external client's
> server, so should I configure the Client Certificate on my postfix?

If they restrict access to their server, and allow only (certain) TLS
authenticated clients to connect, then indeed you may need to configure
a client certificate. This is never true for MX hosts, but if this is
a dedicated gateway used only by specially configured clients, it may
be one of the exceptions where SMTP client certs are useful.

You'll need to understand how they use it, so that
you can do the right thing when the cert expires and needs to be replaced.

-- 
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
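
The dedicated-gateway case described in the reply above, as an added configuration example that is not part of the original thread: the client certificate is attached to one cloned SMTP transport, so it is presented only to the partner's gateway and not to every server that requests one. The transport name "partner-tls", the domain partner.example, the host gateway.partner.example and all file paths are assumptions.

```conf
# ---- /etc/postfix/master.cf -------------------------------------------
# Clone of the stock "smtp" delivery agent (transport name is an assumption).
# Only this transport carries the client certificate and key.
# The key file must be unencrypted, so keep it owned by root with mode 0600.
# "encrypt" makes TLS mandatory: if STARTTLS fails, mail is deferred
# instead of being sent in cleartext without the certificate.
partner-tls unix  -       -       n       -       -       smtp
    -o smtp_tls_security_level=encrypt
    -o smtp_tls_cert_file=/etc/postfix/tls/partner-client-cert.pem
    -o smtp_tls_key_file=/etc/postfix/tls/partner-client-key.pem

# ---- /etc/postfix/transport -------------------------------------------
# Route only the partner's domain through the cloned transport.
# The [] suppress MX lookups: this is a fixed gateway, not an MX host.
partner.example    partner-tls:[gateway.partner.example]:25

# ---- /etc/postfix/main.cf ---------------------------------------------
transport_maps = hash:/etc/postfix/transport
# Default client stays opportunistic and has NO smtp_tls_cert_file,
# so ordinary destinations never see the client certificate.
smtp_tls_security_level = may
# Log a one-line TLS summary per delivery to confirm the handshake.
smtp_tls_loglevel = 1

# ---- after editing ----------------------------------------------------
#   postmap /etc/postfix/transport
#   postfix reload
#
# ---- expiry tracking --------------------------------------------------
# Print the certificate's end date so renewal can be scheduled:
#   openssl x509 -in /etc/postfix/tls/partner-client-cert.pem -noout -enddate
# Exit status 1 if the certificate expires within 30 days (2592000 s):
#   openssl x509 -in /etc/postfix/tls/partner-client-cert.pem -noout -checkend 2592000
```

Whether the partner checks the issuing CA, the subject name or the exact certificate determines what a replacement certificate has to match, so confirm that with them before renewal.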
