From owner-freebsd-chat  Mon Jun 11 22:29:53 2001
Delivered-To: freebsd-chat@freebsd.org
Received: from mta5.snfc21.pbi.net (mta5.snfc21.pbi.net [206.13.28.241])
	by hub.freebsd.org (Postfix) with ESMTP id 36DB237B40A
	for <chat@freebsd.org>; Mon, 11 Jun 2001 22:29:46 -0700 (PDT)
	(envelope-from jazepeda@pacbell.net)
Received: from zippy.mybox.zip ([207.214.149.101])
 by mta5.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.2000.01.05.12.18.p9)
 with ESMTP id <0GES000BKXXEKW@mta5.snfc21.pbi.net> for chat@freebsd.org; Mon,
 11 Jun 2001 22:29:40 -0700 (PDT)
Received: by zippy.mybox.zip (Postfix, from userid 1000) id 1749E17F3; Mon,
 11 Jun 2001 22:29:38 -0700 (PDT)
Date: Mon, 11 Jun 2001 22:29:37 -0700
From: Alex Zepeda <jazepeda@pacbell.net>
Subject: Re: MTA authentications
In-reply-to: <Pine.BSF.4.21.0106121617410.98765-100000@lists.unixathome.org>;
 from dan@langille.org on Tue, Jun 12, 2001 at 04:20:50PM +1200
To: Dan Langille <dan@langille.org>
Cc: chat@freebsd.org
Message-id: <20010611222937.A2921@zippy.mybox.zip>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-disposition: inline
User-Agent: Mutt/1.2.5i
References: <p05100306b749ddc2c10f@[194.78.241.123]>
 <Pine.BSF.4.21.0106121617410.98765-100000@lists.unixathome.org>
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-chat.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-chat>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-chat>
X-Loop: FreeBSD.org

On Tue, Jun 12, 2001 at 04:20:50PM +1200, Dan Langille wrote:

> I don't ever remember setting up a certificate.  Where should I be
> looking?

Well you'll need to generate one.  Ususally it's a good idea to get the
requisite info from a Certificate Agency (again VeriSign comes to mind,
but there *are* others) otherwise you can generate that yourself.  You
then feed it to OpenSSL to generate something that your MTA will
understand.  Then you should tweak the m4 stuff for sendmail and
regenerate your configuration files, etc.  Me, I like postfix which tends
to be much simpler.

> Hmmm, I think that's the option for me.  Anyone know what I should be
> looking for?

Check thru the m4 templates.

> Please explain to me how having a certificate will make me more secure.

With this host at least, it will allow you to use TLS to encrypt traffic
between the two hosts.  The obvious advantage is that your message can't
be deciphered easily.  This is more of an advantage if you're using some
insecure method of SMTP authentication (PLAIN/LOGIN and/or NTLM, and to
some extent CRAM-MD5 too).

In general the certificate (when signed by a notable, and trustworthy CA)  
will allow the other end to verify who you are.  Think of it as a
public/private key pair.

- alex

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message