Basher52 wrote:
> Void Main wrote:
> > If you get it set up like I suggest you should be able to authenticate your smtp connection from any IP address and not be restricted to what you list in /etc/mail/access. Any address you put in there will be for unauthenticated relay addresses (you shouldn't need anything more than "localhost/127.0.0.1" in there).
>
> I wonder, does this mean that any IP address will work for getting in?
> But in that case, anyone anywhere can try, can't they?

Well yes, anyone can "try" but then anyone can "try" if you have it configured to only allow certain IP addresses to relay. You have to have SMTP open to everyone otherwise you won't get any mail from other mail servers.

> And I wonder, is it possible to have the public cert only transferred hand to hand and installed on the other PC manually, thus making no one at all able to log in since they don't have the key.

Actually they can't "log in" because they don't have the user logon information (username/password). The certificate is only to set up the encrypted channel so that the username and password that you authenticate with is never transmitted over the wire (or air) in clear text. The certificate has to be sent by the server so you can verify that it is indeed the server you think it is. I don't know of any way to do what you are asking with the certificate, or why you would want/need to.

> UPDATE: I did all these things and I can get an email out if I use
> 'No secure' or TLS, but not SSL.
> Is that correct or is it SSL I "want"?
> I always thought that TLS is better.

Yes, TLS is what you want. Sounds like you have it working! Now if you are concerned about security (which it sounds like you are, and you should be) you probably at least want something watching your logs so that you know how many failed authentication attempts there were and where they came from. logwatch does this and is probably already configured to run on your system and send a report to root's mail account. I have all of root's mail sent to my email account so I don't have to log in to see the reports. You can have root's mail redirected to your mailbox by editing /etc/aliases and at the end put something like:
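
Added example, not part of the original post and not logwatch's own code: a sketch of the tally the reply describes, counting failed SMTP AUTH attempts per source address. The sample lines are constructed, and the sendmail-style `AUTH failure (...) ... relay=` layout, the `summarize` function and its `threshold` parameter are assumptions to adapt to your own maillog.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed sendmail-style maillog layout.
SAMPLE_LOG = """\
Mar  3 02:11:07 mail sendmail[4121]: k2371Aq4004121: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.45]
Mar  3 02:11:09 mail sendmail[4122]: k2371Bq4004122: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.45]
Mar  3 02:15:30 mail sendmail[4130]: k2371Cq4004130: AUTH=server, relay=laptop.example.net [198.51.100.7], authid=alice, mech=PLAIN, bits=0
Mar  3 03:02:44 mail sendmail[4188]: k2371Dq4004188: AUTH failure (PLAIN): authentication failure (-13) SASL(-13): authentication failure: Password verification failed, relay=host.example.org [192.0.2.10]
Mar  3 03:05:01 mail sendmail[4190]: k2371Eq4004190: from=<a@example.com>, size=812, nrcpts=1, relay=mx.example.com [198.51.100.25]
"""

# relay= may be "[ip]" alone or "hostname [ip]"; capture only the bracketed address.
FAIL_RE = re.compile(r"AUTH failure \((?P<mech>[^)]+)\).*relay=(?:\S+ )?\[(?P<ip>[^\]]+)\]")
OK_RE = re.compile(r"AUTH=server, relay=(?:\S+ )?\[(?P<ip>[^\]]+)\]")


def summarize(log_text, threshold=2):
    """Return one dict per source address with failed AUTH attempts, busiest first."""
    failures = Counter()
    mechs = {}
    succeeded = set()
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            failures[m["ip"]] += 1
            mechs.setdefault(m["ip"], set()).add(m["mech"])
            continue
        m = OK_RE.search(line)
        if m:
            succeeded.add(m["ip"])
    return [
        {
            "ip": ip,
            "failures": count,
            "mechs": sorted(mechs[ip]),
            # A source that fails and also authenticates deserves a closer look.
            "also_succeeded": ip in succeeded,
            "flag": count >= threshold,
        }
        for ip, count in failures.most_common()
    ]


if __name__ == "__main__":
    for entry in summarize(SAMPLE_LOG):
        print(entry)
```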