Self-signed, no-cost or paid TLS(SSL) certificates?

If it doesn't relate to Debian, but you still want to share it, please do it here

Re: Self-signed, no-cost or paid TLS(SSL) certificates?

Postby dilberts_left_nut » 2017-09-07 19:20

kedaha wrote:That's right; the SMTP connection's is configured to use TLS (STARTTLS), port 587
You're still talking about "client side" - you to your own server.
"Server to server" SMTP is on port 25 and is configured separately (the smtp_* directives in postfix's conf not the smtpd_* ones).
AdrianTM wrote:There's no hacker in my grandma...
User avatar
dilberts_left_nut
 
Posts: 4660
Joined: 2009-10-05 07:54
Location: enzed

Re: Self-signed, no-cost or paid TLS(SSL) certificates?

Postby kedaha » 2017-09-28 07:36

dilberts_left_nut wrote:
kedaha wrote:That's right; the SMTP connection's is configured to use TLS (STARTTLS), port 587
You're still talking about "client side" - you to your own server.
"Server to server" SMTP is on port 25 and is configured separately (the smtp_* directives in postfix's conf not the smtpd_* ones).

Thanks for the clarification. As a pragmatist, I've always focused first and foremost on making things work but I see it's also useful and interesting —now the system works perfectly— to know exactly how they work
I thought I'd just mention that both gmail and yahoo mail accept emails from my system, which is set up according to the tutorial at ispmail/jessie although mail is still obstinately blocked by hotmail/Outlook. Since I need to send emails to some of my customers who use hotmail, I'm going to have to request that the block be removed.
On the subject of paid TLS(SSL) certificates, while these are easily affordable by larger businesses, theyr'e overpriced, in my opinion, for SOHO (Small_office/home_office) businesses which must take advantage of any opportunity to reduce costs such as using Letsencrypt certificates.
Mate DE & OSSv4.
LaMp, WordPress; ispmail
Debian Stable & Software

Words, as is well known, are the great foes of reality. Joseph Conrad.
User avatar
kedaha
 
Posts: 2794
Joined: 2008-05-24 12:26

Re: Self-signed, no-cost or paid TLS(SSL) certificates?

Postby dilberts_left_nut » 2017-09-28 08:03

IMHO it's (just another) idiot tax.
A self signed cert is every bit as effective at encrypting the traffic (and verifying your identity) and there is a very much lower chance of your keys being leaked/stolen/reissued to an impersonator etc.
I thnk the ONLY advantage of a *commercially supplied* cert (paid for OR "free") is inclusion in the default trust chain of browsers/clients used by "the public" (assuming your chosen providers 'trusted' status isn't arbitrarily revoked at any point).
AdrianTM wrote:There's no hacker in my grandma...
User avatar
dilberts_left_nut
 
Posts: 4660
Joined: 2009-10-05 07:54
Location: enzed

Previous

Return to Offtopic

Who is online

Users browsing this forum: No registered users and 2 guests

fashionable