Authentication for a firewalled SMTP-only server

How can I authenticate for a TLS certificate for an SMTP server without using HTTP?

Currently I am using the getssl bash script.

The server that requires a certificate is firewalled off; only port 25 is available!

DNS authentication is off the cards: this is an enterprise, and therefore changes must go through a time-consuming (and costly) change management process.

I can shut down the SMTP server while authentication occurs, but auth must occur over port 25, not 80 or 443. This would be impossible on the firewall.

How can I implement this?

You can't. You've already explored the alternative to ports 80 and 443, but dismissed it. As far as I know, there's no other way, except perhaps using the firewall itself to intercept a request for the challenge and redirect it to another host (which is acceptable) that can do HTTP.


Could you get an exception to the DNS change management process for one record, or a small zone delegated somewhere?

Nope. Enterprise. You cannot get an exception!

That’s what I was able to do. After posting it hit me I could do something similar.

I put a rule into the firewall to direct /.well-known/* to a specific server. I then made that server the Let's Encrypt auth handler.

It took a bit of messing around but I got it working.

Thanks for the input.

Now on to the next problem… (another post)
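One way to implement the path-based redirect the thread arrives at, as an added example that is not from the original posts. It assumes the path-aware device in front of the mail host is an nginx reverse proxy (the poster only said "the firewall"), that `mail.example.test` is the name on the certificate being requested, and that `acme-handler.internal` is the host running getssl; all three are placeholders. The example forwards only the `/.well-known/acme-challenge/` prefix rather than the wider `/.well-known/*`, so nothing else on port 80 reaches the internal handler.

```nginx
# Added example (assumption: nginx is the path-aware device in front of
# the SMTP-only host). Hostnames are placeholders.
server {
    listen 80;
    server_name mail.example.test;   # name on the certificate being requested

    # Forward only the ACME HTTP-01 challenge path to the host that runs the
    # ACME client (getssl). The CA's validator connects to this name on port
    # 80, so this listener must be reachable from the Internet.
    location ^~ /.well-known/acme-challenge/ {
        proxy_pass http://acme-handler.internal;
        proxy_set_header Host $host;
    }

    # Everything else on the mail host's public name is refused, so the
    # port-80 exposure is limited to the challenge path.
    location / {
        return 404;
    }
}
```

An HTTP 301 to the handler host for the same prefix works as well, since the Let's Encrypt HTTP-01 validator follows redirects; proxying keeps the handler's name off the public side.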

