Authentication for firewalled smtp only server


#1

How can I auth a tls certificate for an smtp server without using http?

Currently I am using getssl bash script.

The server that requires a certificate is firewalled off only port 25 is available!

DNS authentication is off the cards this is an enterprise and therefore changes must go through a time consuming (and costly) change management process.

I can shut down the smtp server while authentication occurs but auth must occur over port 25 not 80 or 443. This would be impossible on the firewall.

How can I implement this?


#2

You can’t. You’ve already explored the alternative to port 80 and 443, but dismissed it. As far as I know, there’s no other way, except perhaps using the firewall itself to intercept a request for the challenge and redirect it to another host (which is acceptable) who can do HTTP.


#3

Could you get an exception to the DNS change management process for one record, or a small zone delegated somewhere?


#4

Nope. Enterprise. You cannot get an exception!


#5

That’s what I was able to do. After posting it hit me I could do something similar.

I put a rule in to the firewall to direct /.well-known/* to a specific server. I then made that server the letsencrypt auth handler.

It took a bit of messing around but I got it working.

Thanks for the input.

Now on to the next problem… (nuther post)


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.