TLS in postfix

Florian Lohoff flo at rfc822.org
Tue Sep 25 00:04:03 CEST 2001


Hi,
so - I tinkered a bit more this evening and basically got it
running - the only thing you can still see in the output, according to tcpdump,
is:

220 wc.mediaways.net ESMTP Postfix (Snapshot-20010502)
EHLO dump.mediaways.net
250-wc.mediaways.net
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250 8BITMIME
STARTTLS
220 Ready to start TLS

And then just encrypted garbage - in the syslog it looks like this:

Sep 24 23:46:52 wc postfix/smtpd[21167]: connect from
   dump.mediaways.net[195.71.130.200]

Sep 24 23:46:52 wc postfix/smtpd[21167]: setting up TLS connection from
   dump.mediaways.net[195.71.130.200]

Sep 24 23:46:52 wc postfix/smtpd[21167]: TLS connection established
   from dump.mediaways.net[195.71.130.200]: TLSv1 with cipher
   EDH-RSA-DES-CBC3-SHA (168/168 bits)

Sep 24 23:46:52 wc postfix/smtpd[21167]: 997E916EAB:
   client=dump.mediaways.net[195.71.130.200]

Sep 24 23:46:52 wc postfix/cleanup[21168]: 997E916EAB:
   message-id=<20010924214652.3D868BD4A at dump.mediaways.net>

Sep 24 23:46:52 wc postfix/smtpd[21167]: disconnect from
   dump.mediaways.net[195.71.130.200]

Sep 24 23:46:52 wc postfix/qmgr[21164]: 997E916EAB:
   from=<root at dump.mediaways.net>, size=660, nrcpt=1 (queue active)

Sep 24 23:46:52 wc postfix/local[21170]: 997E916EAB:
   to=<bounce-me at wc.mediaways.net>, relay=local, delay=0, status=bounced
   (unknown user: "bounce-me")

Sep 24 23:46:52 wc postfix/cleanup[21168]: C957316EAC:
   message-id=<20010924214652.C957316EAC at wc.mediaways.net>

Sep 24 23:46:52 wc postfix/qmgr[21164]: C957316EAC: from=<>, size=2250,
   nrcpt=1 (queue active)

Sep 24 23:46:53 wc postfix/smtp[21206]: setting up TLS connection to
   dump.mediaways.net

Sep 24 23:46:53 wc postfix/smtp[21206]: verify error:num=18:self signed
   certificate

Sep 24 23:46:53 wc postfix/smtp[21206]: Unverified:
   subject_CN=dump.mediaways.net, issuer_CN=dump.mediaways.net

Sep 24 23:46:53 wc postfix/smtp[21206]: TLS connection established to
   dump.mediaways.net: TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168
   bits)

Sep 24 23:46:53 wc postfix/smtp[21206]: Peer certficate could not
   be verified

Sep 24 23:46:53 wc postfix/smtp[21206]: C957316EAC:
   to=<root at dump.mediaways.net>, relay=dump.mediaways.net[195.71.130.200],
   delay=1, status=sent (250 Ok: queued as 5531CBD48)


I.e. the whole thing now already runs with encryption but without
authentication, since there is no CA keyring or CA-signed certificates. I mean,
who has the money to spare for Verisign certificates ;)

I'll send the patch against the postfix-tls from woody/sid, needed to be able
to compile it on potato at all, separately..

Flo
-- 
Florian Lohoff                  flo at rfc822.org             +49-5201-669912
Nine nineth on september the 9th              Welcome to the new billenium
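
An added example, not part of the original post: a small Python parser that pairs each "TLS connection established" record in the syslog output above with the certificate verification messages logged by the same process, so that encrypted-but-unauthenticated sessions stand out. The log lines are copied from the post and unwrapped to one record per line; the function and field names are chosen for this example.

```python
import re
from collections import defaultdict

# Records copied from the post above, unwrapped to one syslog record per line.
SAMPLE = """\
Sep 24 23:46:52 wc postfix/smtpd[21167]: TLS connection established from dump.mediaways.net[195.71.130.200]: TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)
Sep 24 23:46:53 wc postfix/smtp[21206]: setting up TLS connection to dump.mediaways.net
Sep 24 23:46:53 wc postfix/smtp[21206]: verify error:num=18:self signed certificate
Sep 24 23:46:53 wc postfix/smtp[21206]: Unverified: subject_CN=dump.mediaways.net, issuer_CN=dump.mediaways.net
Sep 24 23:46:53 wc postfix/smtp[21206]: TLS connection established to dump.mediaways.net: TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)
Sep 24 23:46:53 wc postfix/smtp[21206]: Peer certficate could not be verified
"""

LINE = re.compile(r"postfix/(?P<daemon>smtpd?)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ESTABLISHED = re.compile(
    r"TLS connection established (?P<dir>from|to) (?P<peer>[^:\[\s]+)(?:\[[^\]]*\])?: "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+) \((?P<used>\d+)/(?P<avail>\d+) bits\)")
VERIFY_ERR = re.compile(r"verify error:num=(?P<num>\d+):(?P<reason>.*)")

def tls_sessions(log_text):
    """Return one dict per established TLS session, with verification findings."""
    errors = defaultdict(list)  # (daemon, pid) -> verify errors seen in this handshake
    flagged = set()             # processes that logged "Unverified:" before establishing
    last, sessions = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key, msg = (m["daemon"], m["pid"]), m["msg"]
        if msg.startswith("setting up TLS connection"):
            errors.pop(key, None)   # new handshake in this process: reset state
            flagged.discard(key)
        elif (v := VERIFY_ERR.match(msg)):
            errors[key].append((int(v["num"]), v["reason"].strip()))
        elif msg.startswith("Unverified:"):
            flagged.add(key)
        elif (e := ESTABLISHED.match(msg)):
            errs = errors.pop(key, [])
            failed = bool(errs) or key in flagged
            flagged.discard(key)
            # authenticated: False = verification failed, None = log records no result
            last[key] = {"daemon": key[0], "direction": e["dir"], "peer": e["peer"],
                         "protocol": e["proto"], "cipher": e["cipher"], "bits": int(e["used"]),
                         "verify_errors": errs, "authenticated": False if failed else None}
            sessions.append(last[key])
        elif "could not be verified" in msg and key in last:
            last[key]["authenticated"] = False
    return sessions
```

On the records from the post it returns two sessions: the inbound smtpd one, for which the log carries no verification result, and the outbound smtp one, marked unauthenticated with verify error 18.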



