Date: Sat, 09 Jun 2001 19:58:55 -0700
From: Alex Zepeda
Subject: Re: MTA authentications
To: Dan Langille
Cc: chat@freebsd.org

On Sat, Jun 09, 2001 at 10:25:09PM -0400, Dan Langille wrote:

> To my knowledge, there is not TLS stuff on my mailserver. I've never
> heard of TLS before this incident. It's all news to me.

Ahh. TLS is the "next generation" of SSL (a.k.a. SSL 3.1).

> Is it unreasonable of them to expect everyone else (i.e. me) to be set up
> like that?

Yes. It's wishful thinking for now, unfortunately.

> I guess my point is this: if they expect the rest of the world to be
> "TLS-enabled" (forgive my terminology, I don't know what else to call it),
> and communicate only with such mail servers, how big is their universe? I
> thought the [de facto] mail standard was smtp.

Likely not very large. However, that's no reason to shy away from it. TLS is not a mail protocol, rather an encryption one.

FWIW, I'd suggest that you set up sendmail or whatever MTA you choose to use or be able to use TLS. Postfix at least requires use of a certificate, and while you can generate your own, it might be worth buying one from a reputable certification agency (if you don't already have one) such as VeriSign so that your credentials can be verified.

I guess a certificate could be used as authentication. However, the more common method involves SASL (RFC2222 IIRC). Sendmail supports this too. For incoming mail, I see authentication as being stupid and encryption as being common sense.

Without knowing too much about sendmail, it appears as if sendmail has SSL/TLS support enabled (a la the awful hack that is OpenSSL), but you need to point your copy of sendmail at a valid certificate.

- alex