Re: Self Signed Cert for TLS

From: Victor Duchovni (Victor.Duchovnimorganstanley.com)
Date: Thu Apr 03 2008 - 18:20:01 CDT


On Thu, Apr 03, 2008 at 04:14:07PM -0600, Joseph L. Casale wrote:

> Are there any caveats I should consider if implementing my own self signed cert? Internally in our Active Directory domain we have a CA that we use for other requirements and I was hoping to also use it for our Postfix gateway.
>
> I can't see how other smtp servers will have issues, but want to confirm.

You can use a self-signed cert. Sending systems will not object,
unless they have made specific arrangements with you to configure an
authenticated TLS "secure channel".

If the sending system is Postfix, you can even use no certificate at all,
but non-Postfix will probably choke on this, so you can't yet field this
on Internet facing MX hosts that are willing to take email from most
senders (i.e. all non-spammers).

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
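
The distinction drawn in the reply above, as an added example that is not part of the original message: a sender that only encrypts opportunistically never checks the certificate, while a sender configured for an authenticated channel accepts a self-signed certificate only if it was given that certificate as a trust anchor. The hostnames and file names are constructed, and the policy labels `may` and `verify` borrow Postfix's `smtp_tls_security_level` value names as a simplification of what a real MTA does.

```shell
#!/bin/sh
# Added example: how a sending MTA's TLS policy treats a self-signed
# server certificate. Hostnames and file names are constructed.

WORK=$(mktemp -d)

# Create a throwaway self-signed certificate.
#   $1 = common name, $2 = output basename under $WORK
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$1" -keyout "$WORK/$2.key" -out "$WORK/$2.pem" 2>/dev/null
}

# Decide whether a sender would go ahead with delivery.
#   $1 = policy: "may"    (opportunistic: encrypt, never verify)
#                "verify" (authenticated channel: chain must validate)
#   $2 = server certificate
#   $3 = trust anchor file the sender was configured with
sender_accepts() {
    case "$1" in
        may)    return 0 ;;   # certificate is not checked at all
        verify) openssl verify -CAfile "$3" "$2" 2>&1 | grep -q ': OK$' ;;
        *)      return 2 ;;   # unknown policy label
    esac
}

# Demo: the gateway's self-signed cert, plus an unrelated self-signed
# cert standing in for "some other CA the sender happens to trust".
make_self_signed mx.example.test mx
make_self_signed other-ca.example.test other

for trust in other mx; do
    for policy in may verify; do
        if sender_accepts "$policy" "$WORK/mx.pem" "$WORK/$trust.pem"; then
            result=deliver
        else
            result=refuse
        fi
        echo "policy=$policy trust=$trust.pem -> $result"
    done
done
```

Only the `verify` sender without the gateway's certificate in its trust file refuses, which is the "specific arrangements" case the reply describes.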