On Mon, Jan 07, 2019 at 09:18:03AM +, John Cox wrote:
> Hi
>
> >> Jan 6 14:35:05 azathoth smtpd[87479]: 92975635cb3d86a4 mta connecting
> >> address=smtp://212.54.58.11:25 host=mx.mnd.ukmail.iss.as9143.net
> >> Jan 6 14:35:05 azathoth smtpd[87479]: 92975635cb3d86a4 mta connected
> >> Jan 6
Hi
>2019-01-06 16:21 skrev John Cox:
>> Hi
>>
>> I'm using OpenSMTPD 6.4.0
>>
>> I'm (at least) a little confused as to which sort of certs I should
>> put in the pki cert and ca conf file entries (I can cope with the key
>> entry!)
>>
>> I have an apparently functional ACME setup using the
2019-01-06 16:21 skrev John Cox:
Hi
I'm using OpenSMTPD 6.4.0
I'm (at least) a little confused as to which sort of certs I should
put in the pki cert and ca conf file entries (I can cope with the key
entry!)
I have an apparently functional ACME setup using the default
acme-client supplied
On Sun, Jan 06, 2019 at 12:39:49PM -0500, Bryan Harris wrote:
> I just use the regular cert, not the fullchain one. I followed the
> directions from the relayd and httpd book (Let's Encrypt & acme-client).
>
>
> pki $pki_host key?? "/etc/ssl/private/sally.org.il.key"
> pki $pki_host cert?
I just use the regular cert, not the fullchain one. I followed the
directions from the relayd and httpd book (Let's Encrypt & acme-client).
pki $pki_host key "/etc/ssl/private/sally.org.il.key"
pki $pki_host cert "/etc/ssl/sally.org.il.crt"
Bryan
On 1/6/2019 10:21 AM, John Cox wrote:
Hi
I'm using OpenSMTPD 6.4.0
I'm (at least) a little confused as to which sort of certs I should
put in the pki cert and ca conf file entries (I can cope with the key
entry!)
I have an apparently functional ACME setup using the default
acme-client supplied with openbsd. This gives me 3 sorts of
That worked. I spent quite a bit of time trying to get it working.
Thank you both for your replies!
On 3/10/2018 10:20 AM, Robert Cameron wrote:
On Sat, 2018-03-10 at 09:13 -0600, g p wrote:
I have three domains and have created my own certificates for them
but I
cannot get OpenSMTPD
I have three domains and have created my own certificates for them but I
cannot get OpenSMTPD to work with all of them, just one.
$ cat smtpd.conf
# pki setup
pki mail.garybainbridge.email certificate
"/etc/ssl/mail.garybainbridge.email.crt"
pki mail.garybainbridge.email key
= 1 certificate ? Can't be do 1 IP address = x certificates ?
No, you can do 1 IP = x certs, thanks to SNI. I do that, my conf:
pki domain1.com certificate "/etc/smtpd/tls/domain1.com.crt"
pki domain1.com key "/etc/smtpd/tls/domain1.com.key"
pki domain2.com certificate &qu
On 05/14/17 07:20, Bruno Pagani wrote:
Le 14/05/2017 à 09:59, Mik J a écrit :
Thank you Edgar,
You wrote multiple IP adresses. Does it mean that 1 IP address = 1
certificate ?
Can't be do 1 IP address = x certificates ?
No, you can do 1 IP = x certs, thanks to SNI. I do that, my conf
Le 14/05/2017 à 09:59, Mik J a écrit :
> Thank you Edgar,
> You wrote multiple IP adresses. Does it mean that 1 IP address = 1
> certificate ?
> Can't be do 1 IP address = x certificates ?
No, you can do 1 IP = x certs, thanks to SNI. I do that, my conf:
pki domain1.com certificate
On 05/13/17 17:55, Mik J wrote:
Hello,
I would like to know if it's possible to use multiple
certificates/keys with opensmtpd
domain.com has MX mx.domain.com
acme.com has MX mx.acme.com
When a clients (remote mta such as gmail) connects to my server, my
opensmtpd should send
Hello,
I would like to know if it's possible to use multiple certificates/keys with
opensmtpd
domain.com has MX mx.domain.comacme.com has MX mx.acme.com
When a clients (remote mta such as gmail) connects to my server, my opensmtpd
should send the according certificate.Something like virtual
gt; tls-require verify. But from what I could tell from the man pages there is
> > no way to have tls-require and auth as alternatives on one listener.
> >
> > My use case is that I have clients
>
> By client to you mean a person logging in with a mail client. Or another
r.
>
> My use case is that I have clients
By client to you mean a person logging in with a mail client. Or another server
using you as a relay?
> which don't have certificates and should be allowed to relay with SMTPAUTH.
> And I have other mailservers which use OpenSMTPD as smar
has tls-require
verify. But from what I could tell from the man pages there is no way to have
tls-require and auth as alternatives on one listener.
My use case is that I have clients which don't have certificates and should be
allowed to relay with SMTPAUTH. And I have other mailservers which
On Wed, Jun 24, 2015 at 11:01:15AM +1000, Jason Tubnor wrote:
Hi,
Before I go through with purchasing a wildcard cert, can anyone tell
me if the following as written in the man page:
pki mail.example.com certificate /etc/ssl/mail.example.com.crt
pki mail.example.com key
Hi,
Before I go through with purchasing a wildcard cert, can anyone tell
me if the following as written in the man page:
pki mail.example.com certificate /etc/ssl/mail.example.com.crt
pki mail.example.com key /etc/ssl/private/mail.example.com.key
listen on lo0
listen on egress tls pki
I'm in the process of switching out existing RSA Certificate Authority
server certificates for ECDSA (Elliptical Curve DSA) ones.
Are ECDSA certs supported by OpenSMTPD? Or does that depend completely on
the chosen SSL library, i.e. OpenSSL, LibreSSL, BoringSSL, etc?
--
You received
On Tue, Apr 01, 2014 at 11:03:18PM -0300, Hugo Osvaldo Barrera wrote:
On 2014-03-31 10:31, Gilles Chehade wrote:
ok, well there's no such thing as https://www.opensmtpd.org, I will
make sure nginx does not redirect to poolp.org in such case
Why not just set it up? You can use SNI and a
On 2014-03-31 10:31, Gilles Chehade wrote:
ok, well there's no such thing as https://www.opensmtpd.org, I will
make sure nginx does not redirect to poolp.org in such case
Why not just set it up? You can use SNI and a free certificate for it,
it's not much of a hastle. It'll also avoid errors
Gilles Chehade wrote, On 03/31/14 01:31:
ok, well there's no such thing ashttps://www.opensmtpd.org, I will
make sure nginx does not redirect to poolp.org in such case
FYI, the OpenBSD website links to http://www.opensmtpd.org/.
So I'm guessing OpenSMTPD's unsecured site is valid. Correct?
. Wikipedia document
some things to consider, including
http://en.wikipedia.org/wiki/X.509#Security see problems with
certificate authorities.
I know some of the critics and agree with them.
But that remains : opensmtpd.org uses poolp.org certificates.
It's not good.
Having said that, I most
ones. Wikipedia
document
some things to consider, including
http://en.wikipedia.org/wiki/X.509#Security ‹ see problems
with
certificate authorities.
I know some of the critics and agree with them.
But that remains : opensmtpd.org uses poolp.org certificates.
It's
Hello
I don't like to behave like an asshole and say stupid things to cool
peoples... but the ssl certs for opensmtpd.org are valid only for
poolp.org.
You don't use dnssec, neither good ssl certs ... ?
Sorry for annoyement.
--
You received this mail because you are subscribed to
://en.wikipedia.org/wiki/X.509#Security see
problems with certificate authorities.
Having said that, I most certainly do not speak for the opensmtp project;
indeed, I do not speak for anyone apart from me, and am most probably
talking nonsense.
If I were to use certificates that had
26 matches
Mail list logo