stunnel, OpenSSL, certificates, etc. [was: SMTP server or "forwarding"?]

From: Jonathan Berry (berryja_at_gmail.com)
Date: 08/30/05

    Date: Mon, 29 Aug 2005 22:22:32 -0500
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    
    

    On 8/28/05, Les Mikesell <lesmikesell@gmail.com> wrote:
    > On Sat, 2005-08-27 at 17:57, Jonathan Berry wrote:
    > > > 'fixed client at another location' case you may be able to
    > > > send through a local smtp server. The roaming one is a
    > >
    > > That would be ideal, but I do not know if such a server is available.
    >
    > Chances are pretty good that one is there. Or, you could use

    I don't know about this. Even if one is there, I have no idea where
    it is. Is there a way to find a server that might be there but I
    don't know about?

    [snip]
    > > > I wouldn't recommend it. A better alternative would be to
    > > > use 'stunnel' to accept ssl connections with a client certificate
    > >
    > > This sounds interesting too. I like the idea of having some auth that
    > > would be simple to set up. I guess I'll do some reading up on stunnel
    > > and see if I can get that working. Anyone have any experience with
    > > stunnel?
    >
    > Stunnel works very much like the xinetd proxy, but the connecting side
    > runs over ssl. The client side of this is built into many email
    > programs that know how to use port 465 for a secure connection. The
    > 'back end' connection runs unencrypted so sending on port 25 to the
    > smtp server automatically works.

    Yeah, I've figured out that much :). Now, what I'm not sure about is
    how the ssl stuff works. Does the client need to have the certificate
    to connect, or is it like https where the cert is transferred
    automatically? If it is automatic, is it more secure because whatever
    is connecting must know to use ssl? I've been trying to find
    documentation on setting up stunnel, but am having trouble finding
    useful stuff. Some stuff is on stunnel 3 rather than 4, which is very
    different in setup and use. I have found some things on OpenSSL to
    try to figure out the certificate stuff, but cannot seem to find the
    necessary things on Fedora. OpenSSL is installed according to RPM,
    but I cannot find some things mentioned in the docs I have found.

    # rpm -qa | grep ssl
    openssl-devel-0.9.7f-7
    mod_ssl-2.0.54-10.1
    openssl-0.9.7f-7

    This HOWTO looks pretty good, though I've only started reading it:
    http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html

    But as an example of not finding things, this part:
    http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x120.html
    mentions /etc/openssl.cnf which I don't have, and CA.pl, which I also
    don't seem to have. Is there something more I need to install? Doing
    a 'yum list "*ssl*"' shows there is an openssl.i386 package in
    addition to the i686 one I have installed. Is that just for < 686
    CPUs and the 686 package takes advantage of some 686 instructions?
    Would I get anything else by installing from source? Can anyone offer
    some help with this?

    > > > required and forward to your isp, or run your own mail server
    > > > with ssl on port 465 or port 587 with TLS and require authenticated
    > > > logins for SMTP forwarding. Most current mail clients support
    > >
    > > Might as well use Gmail if I'm to go that far. Less to have to keep track of.
    >
    > It does seem like the easiest solution.

    But not nearly as much fun ;).

    Thanks,
    Jonathan
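
The setup discussed in this thread (stunnel 4 accepting SSL on port 465, requiring a client certificate, and handing the plain connection to port 25), as an added example that is not part of the original message. It builds a private CA with plain `openssl` commands and shows that only certificates issued by that CA pass the chain check; all file names, subject names and the 127.0.0.1:25 back end are assumptions.

```shell
#!/bin/sh
# Added example: private CA + client certificates for an stunnel 4 SMTP wrapper.
# File names, subject names and the 127.0.0.1:25 back end are assumptions.
set -eu

make_ca() {             # $1 = output prefix, $2 = common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_cert() {          # $1 = CA prefix, $2 = output prefix, $3 = common name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 365 -out "$2.crt" 2>/dev/null
}

# Chain validation against the CA file the server trusts; succeeds only
# for certificates that CA signed.
client_accepted() {     # $1 = trusted CA cert, $2 = client cert
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

write_stunnel_conf() {  # $1 = directory holding the PEM files
  cat > "$1/stunnel.conf" <<EOF
cert = $1/server.crt
key = $1/server.key
CAfile = $1/ca.crt
; verify = 2: the client must present a certificate that chains to CAfile
verify = 2

[ssmtp]
accept = 465
connect = 127.0.0.1:25
EOF
}

demo() {
  d=$(mktemp -d)
  make_ca "$d/ca" "Example Mail CA"
  make_ca "$d/other" "Unrelated CA"
  issue_cert "$d/ca" "$d/server" "mail.example.test"
  issue_cert "$d/ca" "$d/laptop" "roaming-laptop"
  issue_cert "$d/other" "$d/stranger" "stranger"
  write_stunnel_conf "$d"
  client_accepted "$d/ca.crt" "$d/laptop.crt" && echo "laptop: accepted"
  client_accepted "$d/ca.crt" "$d/stranger.crt" || echo "stranger: rejected"
}

demo
```

The mail client on the roaming machine needs its own certificate and private key (here `laptop.crt` and `laptop.key`); the CA private key stays off the server and the clients.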

    
