From: Noel
Date: Tue, 05 May 2015 18:26:35 -0500
To: Ernie Luzar
CC: freebsd-questions@freebsd.org
Subject: Re: postfix with TLS

On 5/5/2015 3:53 PM, Ernie Luzar wrote:
> Matthew Seaman wrote:
>> On 03/05/2015 17:41, Ernie Luzar wrote:
>>
>>> Is the ability builtin to create SSL keys and certs?
>>>
>>
>> No. That's where you'd use openssl.
>>
>> Mathew
>>
> On my system 10.1 system 'locate openssl' shows /usr/bin/openssl.
> So I take that to mean that 'yes' the ability is builtin to the
> FreeBSD base to create the SSL keys and certs needed by postfix.
>
> No need to 'pkg install openssl', correct?

Correct. openssl is part of the base.

>
> Do some TLS parameters have to be added to postfix's main.cf file ?

Yes, although TLS is supported by the package, it is not enabled by
default.
http://www.postfix.org/TLS_README.html#quick-start

>
> The openssl command has to be run to create SSL keys and certs
> needed by postfix for TLS?

The quick-start section of TLS_README gives examples for creating a
self-signed certificate using openssl, and shows the common settings
required in postfix to enable TLS. The remaining postfix TLS
settings -- and there's a lot of them -- have reasonable defaults
and seldom need adjusting.

http://www.postfix.org/TLS_README.html#quick-start

  -- Noel Jones
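
Added example, not part of the original message and not copied from TLS_README: a shell sketch of the step discussed above, creating a self-signed certificate with the base-system openssl, checking that the key and certificate belong together, and printing main.cf settings for opportunistic TLS. The function names, the host name mail.example.org, the directory and the 365-day lifetime are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: self-signed certificate for Postfix using the base-system openssl.
# Host name, directory and lifetime are illustrative assumptions.

# make_selfsigned DIR HOSTNAME [DAYS]: write DIR/key.pem and DIR/cert.pem
make_selfsigned() {
    ms_dir=$1; ms_host=$2; ms_days=${3:-365}
    mkdir -p "$ms_dir" || return 1
    # Subshell keeps the restrictive umask from leaking into the caller.
    ( umask 077
      openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 \
          -days "$ms_days" -subj "/CN=$ms_host" \
          -keyout "$ms_dir/key.pem" -out "$ms_dir/cert.pem" 2>/dev/null
    ) || return 1
    chmod 600 "$ms_dir/key.pem" && chmod 644 "$ms_dir/cert.pem"
}

# check_pair CERT KEY: succeed only if the key belongs to the certificate,
# the certificate has not expired, and the key is accessible to its owner only.
check_pair() {
    cp_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    cp_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    if [ "$cp_cert" != "$cp_key" ]; then
        echo "key does not match certificate" >&2; return 1
    fi
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired" >&2; return 1
    fi
    case $(ls -l "$2") in
        -rw-------*) return 0 ;;
        *) echo "private key permissions too open" >&2; return 1 ;;
    esac
}

# main_cf_lines DIR: print main.cf settings enabling opportunistic TLS
main_cf_lines() {
    cat <<EOF
smtpd_tls_cert_file = $1/cert.pem
smtpd_tls_key_file = $1/key.pem
smtpd_tls_security_level = may
smtp_tls_security_level = may
EOF
}

# Usage as root (the directory is an assumed location, adjust to your install):
#   make_selfsigned /usr/local/etc/postfix/tls mail.example.org 365 &&
#   check_pair /usr/local/etc/postfix/tls/cert.pem /usr/local/etc/postfix/tls/key.pem &&
#   main_cf_lines /usr/local/etc/postfix/tls
```

Running check_pair again after any later key or certificate replacement catches a mismatched pair before Postfix is reloaded.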