On Tuesday 17 April 2007, G.T.Smith wrote:
Carlos E. R. wrote:
The Wednesday 2007-04-18 at 08:19 +0800, Joe Morris (NTM) wrote:
I think you need to generate a certificate, which creates some necessary files below /etc/postfix/ssl. The certificate works for both client and server by default.
A certificate for client side? Other programs running in client mode do not use it (thunderbird, fetchmail, etc). However, those definitions you talk about in sysconfig have been there for ages, defined, but are ignored: as soon as I edited main.cf on my own (years ago), sysconfig doesn't act for postfix.
Some time ago dis some experimentation with certificate based security and IMAP and various mail clients. The norm was for the server to supply the client with the relevant certificate.
I think what Moe Morris was trying to say is there are two certificate needs. One for Postfix/Sendmail, (the MTA) and another for Imap (MDA). Both need a certificate, and historically it was easier to generate two or put copies of the certificate in two places because postfix and Cyrus (or what ever) live in different directory structures, and often run under different user/group ids. Once you chroot either it becomes almost mandatory to replicate your cert. (And, I'm not suggesting chroot is useful, just that Suse seems to suggest it at install time.) -- _____________________________________ John Andersen