Re: lug-bg: TLS + MTA (malko teoria + praktika)
- Subject: Re: lug-bg: TLS + MTA (malko teoria + praktika)
- From: todorin@email.domain.hidden (Todor Belev)
- Date: Thu, 13 Mar 2003 12:04:47 +0200 (EET)
Vsyshnost,
tova koeto men lichno me kasae e ne principnia vypros che trebe da bydat podpisani ot validno CA - sertifikat moje chovek da si generira sam.
Iska mi se da spedelia opit s hora, koito ne obmeniat mail potoci mejdu MTA, a komunikaciata mejdu MTA i MUA.
Sirech koi Mail klienti vladeiat prasthane pres TLS kriptirana SMTP sesia, i kak po tochno naprimer v MS Outlook stava importiraneto na sertifikat, ne podpisan ot CA.
Opitite za takova importirane na sertificat polzvan za secure SMTP na Postfix i MS Outlook zasega sa neuspeshni.
Za razlika ot naprimer sertifikatite za secure POP3 i secure IMAP, koito se importiraha dosta uspeshno.
Ima li niakoi opit s Kmail, Evolution ili Sylpheed otnosno rabota s TLS MTA.
Todorin
<p><em class="quotelev1"> >-------- Îðèãèíàëíî ïèñìî --------
<em class="quotelev1"> >Îò: Vesselin Kolev vlk_at_lcpe.uni-sofia.bg
<em class="quotelev1"> >Îòíîñíî: lug-bg: TLS + MTA (malko teoria + praktika)
<em class="quotelev1"> >Äî: lug-bg_at_linux-bulgaria.org
<em class="quotelev1"> >Èçïðàòåíî íà: 2003-03-13 10:15:02.0
<em class="quotelev1"> >----------------------------------
<em class="quotelev1"> >-----BEGIN PGP SIGNED MESSAGE-----
<em class="quotelev1"> >Hash: SHA1
<em class="quotelev1"> >
<em class="quotelev1"> >Zdraveite,
<em class="quotelev1"> >
<em class="quotelev1"> > Poluchih 3 pisma ot mnogo vyodusheveni hora, reshili da
<em class="quotelev1"> >prilagat TLS v svoite MTA (postfix, sendmail) sled edin moi
<em class="quotelev1"> >posting.
<em class="quotelev1"> >
<em class="quotelev1"> > Naistina, TLS predlaga kodirane na obmenianata mezhdu MTA
<em class="quotelev1"> >informacia. No ima i niakoi shematichni osobenosti, za koito
<em class="quotelev1"> >traibva da se dyrzhi smetka.
<em class="quotelev1"> >
<em class="quotelev1"> > Za da mozhe naistina vryzkata v kodirania si vid da e nadezhdna,
<em class="quotelev1"> >a sesiata dostoverna za priemashtia ia MTA, to e nuzhno da
<em class="quotelev1"> >imate podpisan ot CA sertifikat. Za tova razbira se, shte traibva
<em class="quotelev1"> >da se plati. No pyt tova mozhe da vi pozvoli da gradite RELAY
<em class="quotelev1"> >politika na nivo sertificat (t.e. vashiat MTA da e smart host samo
<em class="quotelev1"> >za takiva MTA, chiito certifikat vie ste opisali kato validen vyv
<em class="quotelev1"> >vashtata access lista).
<em class="quotelev1"> >
<em class="quotelev1"> > Za da mozhe mail potoka za edin domain da minava izcialo
<em class="quotelev1"> >po kodirana vryzka e neobhodimo vsichki MTA ukazani v MX
<em class="quotelev1"> >ierarhiata na domaina da poddyrzhat TLS, a syshto taka i
<em class="quotelev1"> >izprashtastia MTA da ima TLS poddryzhka. S edna duma v
<em class="quotelev1"> >detaili e malko slozhno.
<em class="quotelev1"> >
<em class="quotelev1"> > Razbira se, idealnoto reshenie, pri koeto mozhe da se izpolzva
<em class="quotelev1"> >TLS e kodirane na mail potoka mezhdu mail hubovete na edna
<em class="quotelev1"> >organizacia.
<em class="quotelev1"> >
<em class="quotelev1"> > Nuzhno e da se ima predvid, che niakoi MTA ne razbirat ot
<em class="quotelev1"> >TLSv1:
<em class="quotelev1"> >
<em class="quotelev1"> > # CommuniGate Pro 3.2.4 (and 3.2.3)
<em class="quotelev1"> > # CommuniGate Pro 3.3betaX
<em class="quotelev1"> > # InterChange v3.61.01
<em class="quotelev1"> >
<em class="quotelev1"> > Ima problemi i s contactuvaneto sys MTA izpolzvashti RSARef,
<em class="quotelev1"> >ako izpolzvanite kliuchove sa po-golemi ot 1024 bita (posledniat
<em class="quotelev1"> >problem ne e chisto tehnologichen, no e tvyrde trudno da se obiasni
<em class="quotelev1"> >iasno, ima i politicheski otenyk).
<em class="quotelev1"> >
<em class="quotelev1"> > Razbira se, neka tova ne se vyzpriema kato obezsyrchavane ili
<em class="quotelev1"> >"gasene" na entusiazma na horata. Izpolzvaite TLS, uchete se da
<em class="quotelev1"> >si konfigurirate MTA s TLS poddryzhka, no vinagi otchitaite specifikata
<em class="quotelev1"> >na neshtata.
<em class="quotelev1"> >
<em class="quotelev1"> > Pozdravi i pozhelania za uspeh kym vsichki v izpozvaneto na TLS
<em class="quotelev1"> >
<em class="quotelev1"> > Vesselin Kolev
<em class="quotelev1"> >-----BEGIN PGP SIGNATURE-----
<em class="quotelev1"> >Version: GnuPG v1.2.1 (GNU/Linux)
<em class="quotelev1"> >
<em class="quotelev1"> >iD8DBQE+cDrc+48lZPXaa+MRAvGNAKDv1hIQvz9Yvp8kuVnIIiHXWE4GJACfYTkk
<em class="quotelev1"> >XRKW5Y8elbKZPr6rwX0syVk=
<em class="quotelev1"> >=VzIs
<em class="quotelev1"> >-----END PGP SIGNATURE-----
<em class="quotelev1"> >
<em class="quotelev1"> >============================================================================
<em class="quotelev1"> >A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
<em class="quotelev1"> >http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
<em class="quotelev1"> >To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
<em class="quotelev1"> >============================================================================
<em class="quotelev1"> >
-----------------------------------------------------------------
http://www.AMSTEL.bg - Áúëãàðñêè îòáîð íà ôèíàëà íà Øàìïèîíñêàòà ëèãà!
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
|