From owner-freebsd-questions@FreeBSD.ORG Sun May 3 16:41:25 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6A96CFEF; Sun, 3 May 2015 16:41:25 +0000 (UTC) Received: from mail-ig0-x230.google.com (mail-ig0-x230.google.com [IPv6:2607:f8b0:4001:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 32E711EE0; Sun, 3 May 2015 16:41:25 +0000 (UTC) Received: by igbpi8 with SMTP id pi8so53689012igb.0; Sun, 03 May 2015 09:41:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=61z2j4oiLkMUbW2f56jVC1d+ntK9sjWRNCd2N9HcvMc=; b=pzhOiWDHA3LQXE9MDNnCAGjpJIsOSDxQxsvvJVQMNfUrNPWNUcWCt1gmshUOitd6Ja l0+GDBVfN7VWWu7Gg2tksIoJv57BcsiimgmGzJL/lLQG0qaBA8CEH4D9D2CgkKbnODDn t/PBKVcqQOhbG2yy0VXEIsrQKJhEoqrGaHgrTIW6vXWH8JU54NZ4OLLMWdDp4B37vrso hhBhWN+RIccnSdm3zjgXjNsvbBMzNP7kl3f1w8d1nx4xWiRuzWzdw5vfZAKQbLCvW2IR hOmtzb/swzPac0J3ecvRIu8L3/JnE+aLob5dBYdoeewCN2Q9J7pQVNAxBgCBEQO6uQ1z QFgw== X-Received: by 10.50.25.137 with SMTP id c9mr8560434igg.29.1430671284686; Sun, 03 May 2015 09:41:24 -0700 (PDT) Received: from [10.0.10.5] (cpe-76-190-244-6.neo.res.rr.com. [76.190.244.6]) by mx.google.com with ESMTPSA id cy11sm3449899igc.14.2015.05.03.09.41.23 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 03 May 2015 09:41:24 -0700 (PDT) Message-ID: <55464FC2.70709@gmail.com> Date: Sun, 03 May 2015 12:41:38 -0400 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) To: Matthew Seaman CC: freebsd-questions@freebsd.org Subject: Re: postfix with TLS References: <5546444B.2060002@gmail.com> <55464916.9030305@FreeBSD.org> In-Reply-To: <55464916.9030305@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1252" X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 May 2015 16:41:25 -0000 Matthew Seaman wrote: On 03/05/2015 16:52, Ernie Luzar wrote: pkg info postfix shows the TLS is enabled by default. I know what TLS is, but I don't know what this means to postfix. Does this mean that postfix has all the internal security library's compiled in and can function right out of the box as a email server communicating using TLS? Yes. This gives you the option that, subject to setting various configuration flags and supplying SSL keys and certs, in any SMTP dialogue, as a receiver postfix will offer 'STARTTLS' as an available command, and as a sender it will invoke STARTTLS when the other side offers it. So all your e-mail should be encrypted over the wire. I'm not entirely sure why this is even considered optional in this day and age... Cheers, Matthew Is the ability builtin to create SSL keys and certs?