From owner-freebsd-chat Mon Jun 11 22:29:53 2001 Delivered-To: freebsd-chat@freebsd.org Received: from mta5.snfc21.pbi.net (mta5.snfc21.pbi.net [206.13.28.241]) by hub.freebsd.org (Postfix) with ESMTP id 36DB237B40A for ; Mon, 11 Jun 2001 22:29:46 -0700 (PDT) (envelope-from jazepeda@pacbell.net) Received: from zippy.mybox.zip ([207.214.149.101]) by mta5.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.2000.01.05.12.18.p9) with ESMTP id <0GES000BKXXEKW@mta5.snfc21.pbi.net> for chat@freebsd.org; Mon, 11 Jun 2001 22:29:40 -0700 (PDT) Received: by zippy.mybox.zip (Postfix, from userid 1000) id 1749E17F3; Mon, 11 Jun 2001 22:29:38 -0700 (PDT) Date: Mon, 11 Jun 2001 22:29:37 -0700 From: Alex Zepeda Subject: Re: MTA authentications In-reply-to: ; from dan@langille.org on Tue, Jun 12, 2001 at 04:20:50PM +1200 To: Dan Langille Cc: chat@freebsd.org Message-id: <20010611222937.A2921@zippy.mybox.zip> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-disposition: inline User-Agent: Mutt/1.2.5i References: Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Jun 12, 2001 at 04:20:50PM +1200, Dan Langille wrote: > I don't ever remember setting up a certificate. Where should I be > looking? Well you'll need to generate one. Ususally it's a good idea to get the requisite info from a Certificate Agency (again VeriSign comes to mind, but there *are* others) otherwise you can generate that yourself. You then feed it to OpenSSL to generate something that your MTA will understand. Then you should tweak the m4 stuff for sendmail and regenerate your configuration files, etc. Me, I like postfix which tends to be much simpler. > Hmmm, I think that's the option for me. Anyone know what I should be > looking for? Check thru the m4 templates. > Please explain to me how having a certificate will make me more secure. With this host at least, it will allow you to use TLS to encrypt traffic between the two hosts. The obvious advantage is that your message can't be deciphered easily. This is more of an advantage if you're using some insecure method of SMTP authentication (PLAIN/LOGIN and/or NTLM, and to some extent CRAM-MD5 too). In general the certificate (when signed by a notable, and trustworthy CA) will allow the other end to verify who you are. Think of it as a public/private key pair. - alex To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message