1,234
edits
Changes
→Postfix + TLS
Those commands will create a certificate, a certificate signing request, a certificate authority, and a sign your certificate with your certificate authority. Same as in the real world except there you would contact a real CA, here you're making up your own.
==== Test with Thunderbird ====
Currently your Thunderbird is set up to use vm2.yoursenecaid.org for an SMTP server, with no security. Change that to use STARTTLS instead (you can change it under account settings --> Outgoing Server). We haven't set up any user authentication, just an encrypted channel - so leave the authentication method at none.
Thunderbird will warn you about the self-signed certificate. You obviously know it's your certificate so you can tell it to trust it:
[[Image:SMTP-certificate-warning.png]]
Your message may look slightly different, I made a little mistake when generating my certificate.
After you confirm that security exception - send another email to yourself and make sure you receive it. Notice that from the user's point of view nothing is different. But if you were an evildoer trying to steal an identity - the difference is huge. Before it was trivial and now it's computationally prohibitive.