From: Noel
Date: Wed, 06 May 2015 12:39:22 -0500
To: Ernie Luzar
CC: freebsd-questions@freebsd.org
Subject: Re: postfix with TLS

On 5/6/2015 8:55 AM, Ernie Luzar wrote:
> Thank you Noel for your help so far. Those quick-start
> instructions are almost useless because they don't make sense
> and reference a script which is not available.

Sorry, those instructions assume a certain level of experience.

> First of all the "Self-signed server certificate" section says this
> "In the examples below, user input is shown in bold font, and a
> "#" prompt indicates a super-user shell."
> But there is no bold font, just blue links and I can only guess
> that what they're trying to say about ""#" prompt indicates a
> super-user shell"
> is an indirect way of saying this.
>
> Copy the code shown in the "Self-signed server certificate"
> section and paste it in a newly created blank file.
> Insert "#! /bin/sh" as the first line of the file and remove all
> the "#"
> Save and exec.

Yes, that should work OK, and then you're done. Make sure you've set
your hostname in the postfix main.cf file prior to executing this,
since the script relies on that information being correct.

The comment about bold font refers to the Private Certificate
Authority section further down.

> As I read the quick-start instructions I see that the first part
> of the instructions in the "Private Certification Authority"
> section is
> based on a perl script called CA.pl. I have perl installed and the
> locate command does not find it.

CA.pl is part of openssl. For some reason I'm not aware of, FreeBSD
doesn't include that script. But you don't really need it unless
you want to set up a private CA.

The only reason you might want a private CA is if you intend to
issue your own certificates to clients to use for certificate-based
authentication. This isn't common; almost everyone uses SASL
passwords or client IP for authentication rather than certificates.

If you need to set up a private CA, either install the openssl from
ports, or just grab the CA.pl script from somewhere on the internet.
More likely you can just skip that section.

> Upon closer re-reading of the quick-start instructions it almost
> seems that what is shown under the "Self-signed server
> certificate" section
> is a newer and quicker method of accomplishing what is shown in
> the "Private Certification Authority" section. You do one or the
> other but not both.

Not newer, but simpler and quicker since it skips the private CA
part that few folks need. The instructions could be clearer about
that.

-- 
Noel Jones
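
The self-signed route discussed in the message above, sketched as an added example; it is not part of the original post and is not the script from the Postfix quick-start. It assumes `openssl` is on the PATH (and `postconf` when no hostname is passed); the function names, the `key.pem`/`cert.pem` file names and the fully-qualified-name check are choices made for this example.

```shell
#!/bin/sh
# Added example: create a self-signed server certificate whose CN is the
# Postfix hostname, then verify the result before Postfix is pointed at it.
# Function and file names are hypothetical.

# Resolve the hostname for the certificate; an explicit argument wins,
# otherwise ask Postfix for the myhostname value from main.cf.
mail_fqdn() {
    if [ -n "$1" ]; then
        printf '%s\n' "$1"
    elif command -v postconf >/dev/null 2>&1; then
        postconf -h myhostname
    else
        return 1
    fi
}

# make_selfsigned DIR [FQDN]: writes DIR/key.pem (mode 0600) and DIR/cert.pem.
make_selfsigned() {
    dir=$1
    fqdn=$(mail_fqdn "$2") || { echo "cannot determine hostname" >&2; return 1; }
    # Sanity check added by this example: stop if the hostname was never set
    # properly and is still an unqualified name such as "localhost".
    case $fqdn in
        *.*) ;;
        *) echo "hostname '$fqdn' is not fully qualified" >&2; return 1 ;;
    esac
    # umask applies only inside the subshell, so the private key is created
    # unreadable by group and others without changing the caller's umask.
    (umask 077 && openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null) || return 1
    openssl req -new -x509 -key "$dir/key.pem" -subj "/CN=$fqdn" \
        -days 365 -out "$dir/cert.pem" || return 1
}

# cert_matches_key DIR: succeeds only if cert.pem carries key.pem's public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1/cert.pem" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$1/key.pem" -pubout | openssl sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}
```

Run as root, `make_selfsigned "$(postconf -h config_directory)"` followed by `cert_matches_key` on the same directory gives a key and certificate that `smtpd_tls_key_file` and `smtpd_tls_cert_file` can then reference.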