Hello,
We host mail services for a few dozen domains. We will eventually
require TLS for all client connections.
I have reviewed what seems to be the most comprehensive thread on this
subject (
http://postfix.1071664.n5.nabble.com/TLS-SNI-support-td25552.html ) and,
in light of that information,
* Ben Johnson b...@indietorrent.org:
Hello,
We host mail services for a few dozen domains. We will eventually
require TLS for all client connections.
I have reviewed what seems to be the most comprehensive thread on this
subject (
On Mon, Jul 15, 2013 at 12:47:53PM -0400, Ben Johnson wrote:
In essence, our clients wish to use their own SSL certificates for their
SMTP connections.
Are these submission clients? What does the above mean?
Our clients will not accept the position, You just have to ignore the
'domain
Ben Johnson:
Hello,
We host mail services for a few dozen domains. We will eventually
require TLS for all client connections.
I have reviewed what seems to be the most comprehensive thread on this
subject (
http://postfix.1071664.n5.nabble.com/TLS-SNI-support-td25552.html ) and,
in
On Tue, Jul 16, 2013 at 12:47 AM, Ben Johnson b...@indietorrent.org wrote:
Hello,
We host mail services for a few dozen domains. We will eventually
require TLS for all client connections.
I have reviewed what seems to be the most comprehensive thread on this
subject (
On 7/15/2013 1:03 PM, Patrick Ben Koetter wrote:
In absence of SNI either the MX of all domains point to one MX with a valid
cert or you bring up an instance per domain.
Bringing-up a Postfix instance per domain would require unique ports (or
a dedicated IP address) for each instance,
(Viktor, I'm going to reply to Wietse first, just because his questions
are fewer and I am hoping to clarify the points of confusion before
others reply.)
On 7/15/2013 1:24 PM, Wietse Venema wrote:
Ben Johnson:
Hello,
We host mail services for a few dozen domains. We will eventually
require
On 7/15/2013 1:10 PM, Viktor Dukhovni wrote:
On Mon, Jul 15, 2013 at 12:47:53PM -0400, Ben Johnson wrote:
In essence, our clients wish to use their own SSL certificates for their
SMTP connections.
Are these submission clients? What does the above mean?
Yes, these are submission
Ben Johnson:
On 7/15/2013 1:10 PM, Viktor Dukhovni wrote:
On Mon, Jul 15, 2013 at 12:47:53PM -0400, Ben Johnson wrote:
In essence, our clients wish to use their own SSL certificates for their
SMTP connections.
Are these submission clients? What does the above mean?
Yes, these
On 16 Jul 2013 03:15, Wietse Venema wie...@porcupine.org wrote:
Ben Johnson:
On 7/15/2013 1:10 PM, Viktor Dukhovni wrote:
On Mon, Jul 15, 2013 at 12:47:53PM -0400, Ben Johnson wrote:
In essence, our clients wish to use their own SSL certificates for
their
SMTP connections.
On 7/15/2013 3:14 PM, Wietse Venema wrote:
Ben Johnson:
On 7/15/2013 1:10 PM, Viktor Dukhovni wrote:
On Mon, Jul 15, 2013 at 12:47:53PM -0400, Ben Johnson wrote:
In essence, our clients wish to use their own SSL certificates for their
SMTP connections.
Are these submission clients? What
Ben Johnson:
In the meantime, I am all ears, regarding jf's question about SNI
proxying via, for example, nginx. If that subject is best addressed to
the nginx mailing list, I am happy to take the discussion to the
appropriate list.
According to a thread in March 2013 they did not support SNI
On Mon, Jul 15, 2013 at 03:38:31PM -0400, Ben Johnson wrote:
It's entirely reasonable if they want to be able to change email
provider without having to update all their clients.
This is the strongest argument that I've seen for adding SNI support to
Postfix. I hadn't even considered
On 7/15/2013 3:35 PM, Viktor Dukhovni wrote:
Unfortunately there are not a lot of development cycles for adding
a decent SNI implementation to Postfix.
I have no time for this.
And this is precisely why an entire VPS industry has sprouted over the
past few years. As someone stated down
On 07/16/2013 05:30 AM, Ben Johnson wrote:
If your clients insist that a mail server is only professional if the TLS
session has their domain name written on it, then give them what they want at
the price it costs to implement it.
Your position is perfectly reasonable, and is more or less the
15 matches
Mail list logo