Locally hosted email with CloudFlare Origin cert - SMTP?
-
This is related to my moving to CloudFlare proxy thread.
The issue is - if the email server only has the CF Origin TLS cert, how will SMTP over TLS work? I would assume that other mail servers might reject that cert because it's not signed by a trusted CA.
-
@Dashrender said in Locally hosted email with CloudFlare Origin cert - SMTP?:
This is related to my moving to CloudFlare proxy thread.
The issue is - if the email server only has the CF Origin TLS cert, how will SMTP over TLS work? I would assume that other mail servers might reject that cert because it's not signed by a trusted CA.
Does this only affect inbound mail?
I have never actually tested this with Exchange, but I do know that I can tell postfix to send with TLS without configuring any certificates.
-
@JaredBusch said in Locally hosted email with CloudFlare Origin cert - SMTP?:
@Dashrender said in Locally hosted email with CloudFlare Origin cert - SMTP?:
This is related to my moving to CloudFlare proxy thread.
The issue is - if the email server only has the CF Origin TLS cert, how will SMTP over TLS work? I would assume that other mail servers might reject that cert because it's not signed by a trusted CA.
Does this only affect inbound mail?
I have never actually tested this with Exchange, but I do know that I can tell postfix to send with TLS without configuring any certificates.
Sure, that's not really secure though, it's TLS with no security.
As for what it affects - I frankly don't know. For all I know a self signed cert would be fine - but I don't know what happens when you both a assumed allowable cert and a CF origin cert on the same machine.
-
@Dashrender said in Locally hosted email with CloudFlare Origin cert - SMTP?:
@JaredBusch said in Locally hosted email with CloudFlare Origin cert - SMTP?:
@Dashrender said in Locally hosted email with CloudFlare Origin cert - SMTP?:
This is related to my moving to CloudFlare proxy thread.
The issue is - if the email server only has the CF Origin TLS cert, how will SMTP over TLS work? I would assume that other mail servers might reject that cert because it's not signed by a trusted CA.
Does this only affect inbound mail?
I have never actually tested this with Exchange, but I do know that I can tell postfix to send with TLS without configuring any certificates.
Sure, that's not really secure though, it's TLS with no security.
As for what it affects - I frankly don't know. For all I know a self signed cert would be fine - but I don't know what happens when you both a assumed allowable cert and a CF origin cert on the same machine.
Umm I think you misunderstand. When you send, you don't need a cert. Just like you don't need a cert in your browser to access HTTPS pages. the other side has that.
Yes, I assume you need something valid for the inbound SMTP.
-
@JaredBusch said in Locally hosted email with CloudFlare Origin cert - SMTP?:
@Dashrender said in Locally hosted email with CloudFlare Origin cert - SMTP?:
@JaredBusch said in Locally hosted email with CloudFlare Origin cert - SMTP?:
@Dashrender said in Locally hosted email with CloudFlare Origin cert - SMTP?:
This is related to my moving to CloudFlare proxy thread.
The issue is - if the email server only has the CF Origin TLS cert, how will SMTP over TLS work? I would assume that other mail servers might reject that cert because it's not signed by a trusted CA.
Does this only affect inbound mail?
I have never actually tested this with Exchange, but I do know that I can tell postfix to send with TLS without configuring any certificates.
Sure, that's not really secure though, it's TLS with no security.
As for what it affects - I frankly don't know. For all I know a self signed cert would be fine - but I don't know what happens when you both a assumed allowable cert and a CF origin cert on the same machine.
Umm I think you misunderstand. When you send, you don't need a cert. Just like you don't need a cert in your browser to access HTTPS pages. the other side has that.
Yes, I assume you need something valid for the inbound SMTP.
OK - yeah, I suppose the receiving side is what sets up the tunnel.. Ok good point...
