Page 2 of 2

Re: Self-signed, no-cost or paid TLS(SSL) certificates?

PostPosted: 2017-09-07 19:20
by dilberts_left_nut
kedaha wrote:That's right; the SMTP connection's is configured to use TLS (STARTTLS), port 587
You're still talking about "client side" - you to your own server.
"Server to server" SMTP is on port 25 and is configured separately (the smtp_* directives in postfix's conf not the smtpd_* ones).

Re: Self-signed, no-cost or paid TLS(SSL) certificates?

PostPosted: 2017-09-28 07:36
by kedaha
dilberts_left_nut wrote:
kedaha wrote:That's right; the SMTP connection's is configured to use TLS (STARTTLS), port 587
You're still talking about "client side" - you to your own server.
"Server to server" SMTP is on port 25 and is configured separately (the smtp_* directives in postfix's conf not the smtpd_* ones).

Thanks for the clarification. As a pragmatist, I've always focused first and foremost on making things work but I see it's also useful and interesting —now the system works perfectly— to know exactly how they work
I thought I'd just mention that both gmail and yahoo mail accept emails from my system, which is set up according to the tutorial at ispmail/jessie although mail is still obstinately blocked by hotmail/Outlook. Since I need to send emails to some of my customers who use hotmail, I'm going to have to request that the block be removed.
On the subject of paid TLS(SSL) certificates, while these are easily affordable by larger businesses, theyr'e overpriced, in my opinion, for SOHO (Small_office/home_office) businesses which must take advantage of any opportunity to reduce costs such as using Letsencrypt certificates.

Re: Self-signed, no-cost or paid TLS(SSL) certificates?

PostPosted: 2017-09-28 08:03
by dilberts_left_nut
IMHO it's (just another) idiot tax.
A self signed cert is every bit as effective at encrypting the traffic (and verifying your identity) and there is a very much lower chance of your keys being leaked/stolen/reissued to an impersonator etc.
I thnk the ONLY advantage of a *commercially supplied* cert (paid for OR "free") is inclusion in the default trust chain of browsers/clients used by "the public" (assuming your chosen providers 'trusted' status isn't arbitrarily revoked at any point).