Re: lug-bg: TLS + MTA (a little theory + practice)
- Subject: Re: lug-bg: TLS + MTA (a little theory + practice)
- From: vlk@email.domain.hidden (Vesselin Kolev)
- Date: Thu, 13 Mar 2003 12:59:12 +0200
Hello, and thank you for the questions. These really are pertinent questions.
On Thursday 13 Mar 2003 12:20, Dancho Mitev wrote:
> Hi,
> This topic is very interesting to me too.
> I have one or two questions:
>
> Is it possible to use a self-signed certificate?
> (at least for testing? - I assume yes).
> Is it possible to use the same CA-issued certificate that is used with
> apache, or does a separate one have to be bought?
>
In principle, if you do not pay to have your certificate signed by
a CA, you use a self-signed certificate.
There is no difference between the certificates for apache and sendmail.
They are X.509 PKI specific. I think, however, that there were problems
from a purely legal point of view with using one certificate for several
services. But I really will have to look further into the situation
where you have paid: whether you can use the certificate
for all services or whether you end up in some breach of the contract.
>
> Can the recipient find out in some way that his message was (or was not)
> transferred between the two MTAs in encrypted form
> with TLS?
>
Yes, of course he can. This is noted in the header of the message. Here
is an example for you:
===============================================================
Return-Path: <vlk_at_lcpe.uni-sofia.bg>
Received: from lcpe.pip.digsys.bg ([193.68.0.202] verified)
by dir.bg (CommuniGate Pro SMTP 4.0.6)
with ESMTP-TLS id 16529586 for antispam_remove_at_dir.bg; Thu, 11 Mar 2003
12:53:34 +0200
Received: from e-lib.vpn.lcpe.uni-sofia.bg (e-lib.vpn.lcpe.uni-sofia.bg
[192.168.100.111])
(authenticated bits=0)
by lcpe.uni-sofia.bg (8.12.8/8.12.8) with ESMTP id h2DCBJqF001950
(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
for <antispam_remove_at_dir.bg>; Thu, 13 Mar 2003 14:11:27 +0200
===============================================================
The whole session is also recorded in the MTA's log file (of course,
the information depends on what debug level you have set for syslog):
Mar 13 14:11:19 lcpe sendmail[1950]: NOQUEUE: connect from
e-lib.vpn.lcpe.uni-sofia.bg [192.168.100.111]
Mar 13 14:11:19 lcpe sendmail[1950]: AUTH: available mech=PLAIN OTP LOGIN
DIGEST-MD5 CRAM-MD5 ANONYMOUS, allowed mech=EXTERNAL LOGIN PLAIN
Mar 13 14:11:19 lcpe sendmail[1950]: STARTTLS=server,
relay=e-lib.vpn.lcpe.uni-sofia.bg [192.168.100.111], version=TLSv1/SSLv3,
verify=NO, cipher=RC4-MD5, bits=128/128
Mar 13 14:11:19 lcpe sendmail[1950]: STARTTLS=server, cert-subject=,
cert-issuer=
Mar 13 14:11:19 lcpe sendmail[1950]: AUTH: available mech=PLAIN OTP LOGIN
DIGEST-MD5 CRAM-MD5 ANONYMOUS, allowed mech=EXTERNAL LOGIN PLAIN
Mar 13 14:11:27 lcpe sendmail[1950]: AUTH=server,
relay=e-lib.vpn.lcpe.uni-sofia.bg [192.168.100.111], authid=vlk, mech=LOGIN,
bits=0
Mar 13 14:11:27 lcpe sendmail[1950]: h2DCBJqF001950:
from=<vlk_at_lcpe.uni-sofia.bg>, size=402, class=0, nrcpts=1,
msgid=<200303131250.40238.vlk_at_lcpe.uni-sofia.bg>, proto=ESMTP, daemon=MTA,
relay=e-lib.vpn.lcpe.uni-sofia.bg [192.168.100.111]
Mar 13 14:11:29 lcpe sendmail[1953]: h2DCBJqF001950: SMTP outgoing connect on
lcpe.uni-sofia.bg
Mar 13 14:11:34 lcpe sendmail[1953]: STARTTLS: ClientCertFile missing
Mar 13 14:11:34 lcpe sendmail[1953]: STARTTLS: ClientKeyFile missing
Mar 13 14:11:34 lcpe sendmail[1953]: STARTTLS=client, init=1
Mar 13 14:11:34 lcpe sendmail[1953]: STARTTLS=client, start=ok
Mar 13 14:11:35 lcpe sendmail[1953]: STARTTLS=client, relay=mail.dir.bg.,
version=TLSv1/SSLv3, verify=OK, cipher=DES-CBC3-SHA, bits=168/168
Mar 13 14:11:35 lcpe sendmail[1953]: STARTTLS=client,
cert-subject=/C=BG/ST=Sofia/L=Sofia/O=Dir.bg+20AD/OU=secure+20development/CN=mail.dir.bg/Email=root_at_dirbg.com,
cert-issuer=/C=ZA/ST=Western+20Cape/L=Cape+20Town/O=Thawte+20Consulting+20cc/OU=Certification+20Services+20Division/CN=Thawte+20Server+20CA/
Mar 13 14:11:35 lcpe sendmail[1953]: AUTH=client, relay=mail.dir.bg., mech=,
bits=0
Mar 13 14:11:36 lcpe sendmail[1953]: h2DCBJqF001950: to=<cryptofan_at_dir.bg>,
ctladdr=<vlk_at_lcpe.uni-sofia.bg> (1002/100), delay=00:00:09, xdelay=00:00:09,
mailer=esmtp, pri=30397, relay=mail.dir.bg. [194.145.63.28], dsn=2.0.0,
stat=Sent (16529986 message accepted for delivery)
Mar 13 14:11:36 lcpe sendmail[1953]: h2DCBJqF001950: done; delay=00:00:09,
ntries=1
> Thanks in advance,
>
> Regards
>
> Dan
>
I hope :) you have received, if not exhaustive, then at least concrete information.
I am thinking of publishing an alpha document on using TLS with sendmail.
Provided, of course, that someone needs it.
Regards
Vesselin Kolev
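What a recipient-side check of these headers could look like, as an added example that is not part of the original message: it reads each Received header and reports whether that hop recorded TLS, with the cipher and verify status where sendmail wrote them. The function name `tls_hops` and the weak-cipher pattern are assumptions of this example; the sample headers are the ones quoted in the reply above.

```python
import re
from email import message_from_string

# The two Received headers quoted in the message above, re-folded so that
# continuation lines start with whitespace (the archive had flattened them).
SAMPLE = """\
Received: from lcpe.pip.digsys.bg ([193.68.0.202] verified)
 by dir.bg (CommuniGate Pro SMTP 4.0.6)
 with ESMTP-TLS id 16529586 for antispam_remove_at_dir.bg;
 Thu, 11 Mar 2003 12:53:34 +0200
Received: from e-lib.vpn.lcpe.uni-sofia.bg (e-lib.vpn.lcpe.uni-sofia.bg
 [192.168.100.111])
 (authenticated bits=0)
 by lcpe.uni-sofia.bg (8.12.8/8.12.8) with ESMTP id h2DCBJqF001950
 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
 for <antispam_remove_at_dir.bg>; Thu, 13 Mar 2003 14:11:27 +0200

(body)
"""

# Cipher-name fragments that mark a suite as weak by current standards
# (assumption of this example, not a list from the original message).
WEAK = re.compile(r"RC4|MD5|DES|NULL|EXP", re.I)

def tls_hops(raw):
    """Return one dict per Received header, most recent hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold the header onto one line
        by = re.search(r"\bby (\S+)", flat)
        proto = re.search(r"\bwith (\S+)", flat)
        proto = proto.group(1) if proto else ""
        # sendmail appends (version=... cipher=... bits=... verify=...)
        p = dict(re.findall(r"\b(version|cipher|verify)=([^\s)]+)", flat))
        hops.append({
            "by": by.group(1) if by else None,
            # TLS is shown either by the sendmail parameters or by the
            # "with" keyword (ESMTP-TLS here, ESMTPS on other MTAs)
            "tls": "cipher" in p or bool(re.search(r"TLS|SMTPS", proto)),
            "version": p.get("version"),
            "cipher": p.get("cipher"),
            "verify": p.get("verify"),
            "weak": bool(WEAK.search(p.get("cipher", ""))),
        })
    return hops

if __name__ == "__main__":
    for hop in tls_hops(SAMPLE):
        print(hop)
```

Received headers are written by each relay in turn, so only the lines added by servers you trust are reliable evidence of how a hop was carried.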