Re: stunnel, OpenSSL, certificates, etc. [was: SMTP server or "forwarding"?]


 



On Mon, 2005-08-29 at 22:22, Jonathan Berry wrote:
> > > > send though a local smtp server.  The roaming on is a

> I don't know about this.  Even if one is there, I have no idea where
> it is.  Is there a way to find a server that might be there but I
> don't know about?

Ask whoever provides the internet connection.


> > Stunnel works very much like the xinetd proxy, but the connecting side
> > runs over ssl.  The client side of this is built into many email
> > programs that know how to use port 465 for a secure connection.  The
> > 'back end' connection runs unencrypted so sending on port 25 to the
> > smtp server automatically works.
> 
> Yeah, I've figured out that much :).  Now, what I'm not sure about is
> how the ssl stuff works.  Does the client need to have the certificate
> to connect, or is it like https where the cert is transferred
> automatically? 

That's up to the stunnel config.  It doesn't have to require
a client cert.

> If it is automatic, is it more secure because whatever
> is connecting must know to use ssl? 

Normally the 'secure' part involves keeping 3rd parties from
being able to intercept and decipher the traffic.  In the
context of your own mail server you might require ssl and
a login/password authentication to permit mail relaying
instead of a client certificate. The point of ssl would be
mostly to avoid sending the password in clear text.

>  I've been trying to find
> documentation on setting up stunnel, but am having trouble finding
> useful stuff.  Some stuff is on stunnel 3 rather than 4, which is very
> different in setup and use.  I have found some things on OpenSSL to
> try to figure out the certificate stuff, but cannot seem to find the
> necessary things on Fedora.  OpenSSL is installed according to RPM,
> but I cannot find some things mentioned in the docs I have found.

Your Fedora install should have some things set up in
/usr/share/ssl/certs.  If you cd there and enter:
"make stunnel.pem" it should prompt you through building
a server certificate that will be all you need if
you don't require matching client certs.

-- 
  Les Mikesell
    lesmikesell@xxxxxxxxx
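
The setup discussed in this message, written as a stunnel 4.x configuration; this is an added example, not part of the original post. The service name, the loopback address and the CA file path are assumptions; the certificate path is the one produced by "make stunnel.pem" above.

```ini
; stunnel 4.x server configuration (added example, not from the original post).
; Assumed to be saved as the stunnel configuration file on the mail host.

; Combined private key + certificate built with "make stunnel.pem" in
; /usr/share/ssl/certs. The file holds the private key, so keep it
; readable only by the account that runs stunnel.
cert = /usr/share/ssl/certs/stunnel.pem

; Case 1: no client certificate required.
; The server certificate is sent to the client during the handshake, as
; with https. Clients connect with SSL on port 465; stunnel forwards the
; decrypted stream to the local SMTP server on port 25.
[smtps]
accept = 465
connect = 127.0.0.1:25

; Case 2 (alternative to case 1, left commented out): require a matching
; client certificate. "verify = 2" makes stunnel reject any client that
; does not present a certificate signed by a CA in CAfile.
; The CAfile path below is a hypothetical placeholder.
;
; [smtps]
; accept = 465
; connect = 127.0.0.1:25
; verify = 2
; CAfile = /etc/stunnel/client-ca.pem
```

With either case the SMTP server sees every tunnelled connection as coming from 127.0.0.1, so relaying should depend on the login/password authentication mentioned above rather than on the source address.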


