
9. Using the TLS/SSL Encryption

According to RFC 2246, the TLS (Transport Layer Security) protocol provides communications privacy over the Internet. It allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The primary goal of TLS is to provide privacy and data integrity between two communicating applications. TLS itself is based on the SSL 3.0 (Secure Sockets Layer) protocol specification.

GNU Anubis supports TLS/SSL (via GnuTLS, a Transport Layer Security library available at http://www.gnutls.org/, or OpenSSL, a cryptographic package available at http://www.openssl.org/), but your MTA must offer the STARTTLS extension first. You can check this by connecting to its SMTP port and issuing an EHLO command:

$ telnet your-smtp-host 25
  ehlo your-domain-name

The server responds with the list of extensions it supports. If STARTTLS is among them, you can use TLS/SSL encryption. If your MUA doesn't support TLS/SSL but your MTA does, use the `oneway-ssl' keyword in your configuration file; note that in this mode only the connection between Anubis and the MTA is encrypted, while the link from the MUA to Anubis stays in clear text. Before using TLS/SSL encryption, you must generate a private key and a certificate. You can do this with:

 
$ cd anubis-directory
$ ./build/keygen.sh

This will create the `anubis.pem' file. For example copy this file to `/usr/share/ssl/certs/'. Next, edit your configuration file by adding:

 
ssl yes
ssl-key path-to-the-private-key
ssl-cert path-to-the-certificate

For example:

 
ssl-key /usr/share/ssl/certs/anubis.pem
ssl-cert /usr/share/ssl/certs/anubis.pem

Caution: Each user can specify their own private key and certificate by adding the `ssl-key' and `ssl-cert' keywords to their own user configuration file; these override the values from the system configuration file for that user.

See section 5.2.5 Encryption Settings, for details.
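The STARTTLS check described above can also be scripted, which is useful when you want to re-run it after changing the MTA or the Anubis configuration. The script below is an added example written for this section and is not part of GNU Anubis. The host name, port and CA file are placeholders (assumptions), and the two EHLO replies are constructed samples, not captured from a real server. Beyond the manual telnet check it also upgrades the connection with STARTTLS and verifies the server certificate and host name; a self-signed `anubis.pem' will fail that verification unless the same file is passed as the CA file.

```python
"""Check whether an SMTP server advertises STARTTLS and, if it does,
that the TLS upgrade and certificate verification succeed.

Added example for the GNU Anubis manual section on TLS/SSL; not code
from the Anubis project.  Host, port and CA file are placeholders.
"""
from __future__ import annotations

import smtplib
import ssl
import sys


def parse_ehlo(reply: bytes) -> set[str]:
    """Return the extension keywords from a raw EHLO reply.

    An EHLO reply is a multi-line 250 response: every line but the last
    starts with '250-', the last with '250 '.  The first line carries the
    server's domain and greeting; each following line carries one
    extension keyword, optionally followed by parameters.
    """
    lines = reply.decode("ascii", "replace").splitlines()
    extensions: set[str] = set()
    for line in lines[1:]:          # skip the domain/greeting line
        if not line.startswith("250"):
            continue                # not part of the EHLO reply
        body = line[4:].strip()     # drop '250-' or '250 '
        if body:
            extensions.add(body.split()[0].upper())
    return extensions


def supports_starttls(reply: bytes) -> bool:
    """True if the raw EHLO reply lists the STARTTLS extension."""
    return "STARTTLS" in parse_ehlo(reply)


# Constructed sample replies (not captured from a real server).
REPLY_WITH_TLS = (b"250-mail.example.test Hello client.example.test\r\n"
                  b"250-SIZE 10240000\r\n"
                  b"250-STARTTLS\r\n"
                  b"250 8BITMIME\r\n")
REPLY_WITHOUT_TLS = (b"250-mail.example.test Hello client.example.test\r\n"
                     b"250 8BITMIME\r\n")


def check_live(host: str, port: int = 25, cafile: str | None = None) -> dict:
    """Connect, send EHLO and, if STARTTLS is offered, upgrade the
    connection while verifying the certificate chain and host name.

    Pass cafile=<path to anubis.pem> to trust a self-signed certificate.
    Returns a summary dict rather than printing, so callers can act on it.
    """
    result: dict = {"starttls": False, "tls_ok": False, "error": None}
    context = ssl.create_default_context(cafile=cafile)  # verifies by default
    try:
        with smtplib.SMTP(host, port, timeout=10) as smtp:
            smtp.ehlo()
            result["starttls"] = smtp.has_extn("starttls")
            if result["starttls"]:
                smtp.starttls(context=context)  # fails on an untrusted cert
                smtp.ehlo()                     # re-EHLO after the upgrade
                result["tls_ok"] = True
                result["cipher"] = smtp.sock.cipher()
    except (smtplib.SMTPException, ssl.SSLError, OSError) as exc:
        result["error"] = str(exc)
    return result


if __name__ == "__main__":
    # Placeholder host; run as: python check_starttls.py your-smtp-host
    target = sys.argv[1] if len(sys.argv) > 1 else "your-smtp-host"
    print(check_live(target))
```

If `starttls` is True but `tls_ok` is False, the MTA does offer encryption and the failure is in the certificate: either the MTA presents a certificate that is not signed by a CA in the default store, or the host name you connected to does not match the certificate, which is exactly the situation a client will face with a freshly generated `anubis.pem'.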



This document was generated by Wojciech Polak on December 18, 2004 using texi2html.