NetBSD-Users archive


Re: postfix for 2 domains on 1 vps 1 ip



Jason Mitchell wrote:
> Everything you have written is totally accurate, but self signed
> certificates for SMTP may be going away.
>
> The latest version of Thunderbird requires a valid certificate on
> the SMTP server it uses.
>
> (Sorry for the formatting, I can't send mail from my laptop until I
> fix the certificate issue (: )

Uhm... yes... your formatting is problematic.  Your message was missing
entirely from the plain text version of the message!  That's not good.
That made things super confusing.  It only appeared in the html text
version of the message.  I had to dig it out! :-)

I am not using Thunderbird (mutt user here) but I must ask for
clarification.  Perhaps there are other Thunderbird users who know?

As far as I know Thunderbird will *read* mail using many possible
different protocols perhaps the most typical today being IMAPS using a
TLS IMAP connection and that TLS connection needs a valid certificate.
That is most easily done using Let's Encrypt and a Domain Validation
certificate.  Works great.  Zero cost.  Dovecot is typical to serve
IMAPS.

Then Thunderbird will *send* mail using again many possible protocols
but perhaps most typically using an authenticated SMTP to the
submission port 587 on the configured mail server.  Postfix is my
preference.  This outbound connection to the submission port will use
STARTTLS most typically and will require authentication credentials.
An account name and password.

This TLS connection would most typically be a self-signed certificate
but again a Domain Validation DV certificate using Let's Encrypt is
easily available on the server side of things.  I have more than a few
times seen certificates that were at one time valid but long expired
being used for this purpose.  Because there is not a hard requirement
that they validate.  And so no one notices.  Because nothing breaks
when they expire.

This TLS outbound *may* also use certificates for authentication of
the user.  That is of course the "BEST" method but most mailbox
service providers of which I am aware use traditional account names
and passwords because...  Consumers!  Consumers are people and usually
not very technical and therefore passwords are the least amount of
support for getting them hooked up for outbound email.

I apologize to the group for monopolizing the conversation with so
many mail messages here today.  Sorry!

Bob
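
The expired-certificate case described above (nothing breaks, so no one notices) can be monitored from outside the server. This is an added example, not part of the original message: it opens STARTTLS on the submission port and validates the certificate as a strict client would, reporting why validation fails. The function names and the 21-day warning threshold are assumptions.

```python
import smtplib
import ssl
import sys
import time

# OpenSSL X509 verify error codes relevant to a submission-port certificate.
VERIFY_CODES = {
    9: "not-yet-valid",
    10: "expired",
    18: "self-signed",
    19: "self-signed-in-chain",
    20: "unknown-issuer",
    62: "hostname-mismatch",
}

def classify(verify_code):
    """Map an OpenSSL verify code to a short label for alerting."""
    return VERIFY_CODES.get(verify_code, f"verify-error-{verify_code}")

def days_left(not_after, now=None):
    """Whole days until a getpeercert() notAfter string; negative once expired."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def check_submission(host, port=587, warn_days=21, timeout=10):
    """STARTTLS to the submission port and validate the cert as a strict client would."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        smtp = smtplib.SMTP(host, port, timeout=timeout)
    except (smtplib.SMTPException, OSError) as exc:
        return f"connect-error: {exc}"
    try:
        smtp.starttls(context=ctx)  # sends EHLO first if needed
        cert = smtp.sock.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return classify(exc.verify_code)
    except (smtplib.SMTPException, OSError) as exc:
        return f"starttls-error: {exc}"
    finally:
        smtp.close()
    remaining = days_left(cert["notAfter"])
    state = "expiring-soon" if remaining < warn_days else "ok"
    return f"{state} ({remaining}d)"

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python check_submission.py mail.example.org  (hostname is a placeholder)
    print(check_submission(sys.argv[1]))
```

Run from cron against each mail hostname, this surfaces an expired or self-signed submission certificate before a client that enforces validation does.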

