1. SMTP TSL with own certificates: not self-signed?
Okay, here's the plan: to use my Linux box (running Postfix) as a mail
relay for myself, and only myself (so call me selfish), allowing me to send
mail from my laptop no matter where I am or how I'm hooked up to the
In fact I've achieved this already, but not as securely as I would like. At
the moment I'm using TLS over port 25, with only one secure AUTH method
allowed. The settings in Postfix's main.cf are pretty stringent, so I think
I'm fairly well protected against UCE and unwanted mail relaying.
So what, you may ask, is my problem? From what I can tell, if my SASL
username and password can be gleaned (by guess or by brute force) then my
Linux box can be used as a mail relay by the lucky hacker. What I would
like to do is create a client certificate that sists on my laptop, and have
Postfix only relay mail for a certificate with that fingerprint (using
relay_clientcerts in main.cf, I believe). The problem is that I'm far too
cheap to pay VeriSign $50 or more a year for a certificate and, despite
having read until my eyes are sore, I can't figure out how (or if it is
indeed possible) to create a certificae for myself (using more than one
machine?) that both Pine (on the laptop) and Postfix (on the Linux box)
will consider to be trusted and non self-signed (a Pine restriction).
If what I'm asking is impossible, then perhaps there's another way to
achieve what I'm after. I will be greatful for any and all suggestions
(well, okay, the non-flame ones).
2. Toshiba Laptop (500CDT) and mouse
3. Generate a Self-Signed Certificate for LDAP server.
4. HELP: SlackwareV1.1.1 + XFree86 doesn't work with MouseMan cordless
5. create a "correct" self-signed SSL certificate
6. Installing Xterm to boot from Debian 1.3
7. Self Signed Certificates
8. Fix mem= options
9. make a self signed certificate for v4 netscape web server
10. How to make a not-self-signed certificate?
11. openssl, certificate, tomcat, port certificate
12. Certificate Signing Request (CSR) Problem
13. Non-Verisign certificates: problem with older Netscape/IE?