
8. Using the TLS/SSL Encryption

The TLS (Transport Layer Security) protocol provides communications privacy over the Internet. It is described in RFC 2246. The protocol allows client/server applications to communicate in a way that prevents eavesdropping, tampering, or message forgery. The primary goal of the protocol is to provide privacy and data integrity between two communicating applications. The TLS protocol itself is based on the SSL 3.0 (Secure Sockets Layer) protocol specification.

GNU Anubis supports TLS/SSL (via GnuTLS, a Transport Layer Security library available from http://www.gnutls.org/), but your MTA must provide the `STARTTLS' command first. You can check this with:

$ telnet your-smtp-host 25
  ehlo your-domain-name

The server will respond with a list of all the commands it supports. If you see the word `STARTTLS' in that list, then you can use the TLS/SSL encryption. If your MUA doesn't support the TLS/SSL encryption but your MTA does, then you should use the `oneway-ssl' keyword in your configuration file. Before using the TLS/SSL encryption, generate a proper private key and a certificate. GNU Anubis provides a script `keygen.sh' which can be used for this, e.g.:
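The telnet check above can be automated: the EHLO reply is a multi-line `250' response, and the MTA offers TLS only if one of its lines carries the `STARTTLS' keyword. The following is an added example, not part of GNU Anubis or its manual; the host, port and sample reply are constructed for illustration.

```python
"""Check whether an SMTP server advertises STARTTLS in its EHLO reply.

Added illustration of the manual's telnet check; not GNU Anubis code.
"""
import socket

# Constructed sample: greeting plus EHLO reply, as a telnet session would show it.
SAMPLE_REPLY = (
    "220 mail.example.test ESMTP ready\r\n"
    "250-mail.example.test\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)


def parse_ehlo_extensions(reply: str) -> set:
    """Return the extension keywords from a multi-line 250 EHLO reply.

    Per RFC 5321, continuation lines are '250-<text>' and the final line is
    '250 <text>'; the first 250 line is the server's name, not an extension.
    """
    lines = [ln for ln in reply.splitlines() if ln.startswith("250")]
    exts = set()
    for line in lines[1:]:                      # skip the server-name line
        keyword = line[4:].split(" ", 1)[0]      # drop '250-'/'250 ' and params
        if keyword:
            exts.add(keyword.upper())
    return exts


def starttls_offered(reply: str) -> bool:
    """True if the MTA lists STARTTLS, i.e. Anubis can use `ssl yes' with it."""
    return "STARTTLS" in parse_ehlo_extensions(reply)


def _read_reply(f) -> str:
    """Read one SMTP reply: lines up to the one with a space after the code."""
    out = []
    while True:
        line = f.readline().decode("utf-8", "replace")
        if not line:
            raise ConnectionError("server closed the connection")
        out.append(line)
        if len(line) >= 4 and line[3] == " ":
            return "".join(out)


def ehlo(host: str, port: int = 25, domain: str = "localhost") -> str:
    """Perform the same greeting/EHLO exchange as the manual's telnet session."""
    with socket.create_connection((host, port), timeout=10) as s:
        f = s.makefile("rwb")
        greeting = _read_reply(f)
        f.write(f"EHLO {domain}\r\n".encode()); f.flush()
        reply = _read_reply(f)
        f.write(b"QUIT\r\n"); f.flush()
    return greeting + reply
```

Run `starttls_offered(ehlo("your-smtp-host"))` against your own MTA; a `False` result means `ssl yes' cannot work until the MTA is configured for STARTTLS.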

$ cd anubis-directory
$ ./build/keygen.sh

This will create the `anubis.pem' file. Copy it to the directory of your choice, e.g. `/usr/share/ssl/certs/'. Next, edit your configuration file by adding:

ssl yes
ssl-key path-to-the-private-key
ssl-cert path-to-the-certificate

For example:

ssl-key /usr/share/ssl/certs/anubis.pem
ssl-cert /usr/share/ssl/certs/anubis.pem

Caution: Each client can specify its own private key and certificate by adding the `ssl-key' and `ssl-cert' keywords to its own user configuration file.

See section Encryption Settings for details.



This document was generated on May 24, 2014 using texi2html 1.76.