The TLS (Transport Layer Security) protocol provides communications privacy over the Internet. It is described in RFC 2246. The protocol allows client/server applications to communicate in a way that prevents eavesdropping, tampering, or message forgery. The primary goal of the protocol is to provide privacy and data integrity between two communicating applications. The TLS protocol itself is based on the SSL 3.0 (Secure Socket Layer) protocol specification.
GNU Anubis supports TLS/SSL (via GnuTLS, a Transport Layer Security library available from http://www.gnutls.org/), but your MTA must provide the ‘STARTTLS’ command first. This can be checked by:
$ telnet your-smtp-host 25
ehlo your-domain-name
The server will respond with all its available commands. If you see the word ‘STARTTLS’, then you can use the TLS/SSL encryption. If your MUA doesn’t support the TLS/SSL encryption, but your MTA does, then you should use the ‘oneway-ssl’ keyword in your configuration file.
Before using the TLS/SSL encryption, generate a proper private key and a certificate. GNU Anubis provides a script ‘keygen.sh’ which can be used for this, e.g.:
$ cd anubis-directory
$ ./build/keygen.sh
This will create the ‘anubis.pem’ file. Copy it to the directory of your choice, e.g. ‘/usr/share/ssl/certs/’. Next, edit your configuration file by adding:
ssl yes
ssl-key path-to-the-private-key
ssl-cert path-to-the-certificate
For example:
ssl-key /usr/share/ssl/certs/anubis.pem
ssl-cert /usr/share/ssl/certs/anubis.pem
Caution: Each client can specify its own private key and a certificate by adding the ‘ssl-key’ and ‘ssl-cert’ keywords in its own user configuration file.
See section Encryption Settings, for details.
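The EHLO check from the start of this section can be scripted. The following is an added example, not part of GNU Anubis or its manual; the function name ‘ehlo_offers_starttls’ and the sample replies are constructed for illustration. It reads a captured session on standard input and counts ‘STARTTLS’ only when it appears as an extension keyword in a 250 reply, so a host name that merely contains the string does not pass.

```shell
#!/bin/sh
# Added example: decide from a captured EHLO reply whether the MTA
# advertises STARTTLS. Returns 0 if it does, 1 otherwise.

ehlo_offers_starttls() {
    awk '
        { sub(/\r$/, "") }              # SMTP lines end in CRLF
        /^250[- ]/ {
            n++
            if (n == 1) next            # first 250 line is the greeting, not a keyword
            kw = toupper(substr($0, 5)) # text after "250-" or "250 "
            sub(/[ \t].*$/, "", kw)     # keep the keyword, drop its parameters
            if (kw == "STARTTLS") found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample replies (not captured from a real server).
SAMPLE_WITH_TLS='220 mail.example.org ESMTP
250-mail.example.org Hello client.example.org
250-SIZE 10240000
250-starttls
250 8BITMIME'

# The host name contains "starttls", but the extension is not offered.
# A plain "grep -i starttls" would report a false positive here.
SAMPLE_WITHOUT_TLS='220 starttls.example.org ESMTP
250-starttls.example.org Hello client.example.org
250-SIZE 10240000
250 8BITMIME'

for sample in "$SAMPLE_WITH_TLS" "$SAMPLE_WITHOUT_TLS"; do
    if printf '%s\n' "$sample" | ehlo_offers_starttls; then
        echo "STARTTLS offered"
    else
        echo "STARTTLS not offered"
    fi
done
```

To use it on a real server, save the text printed by the telnet session above to a file and pass that file to the function on standard input.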
This document was generated on January 6, 2024 using texi2html 5.0.