Authentication for firewalled smtp only server

How can I auth a TLS certificate for an SMTP server without using HTTP?

Currently I am using the getssl bash script.

The server that requires a certificate is firewalled off; only port 25 is available!

DNS authentication is off the cards: this is an enterprise, and therefore changes must go through a time-consuming (and costly) change management process.

I can shut down the SMTP server while authentication occurs, but auth must occur over port 25, not 80 or 443. This would be impossible on the firewall.

How can I implement this?

You can’t. You’ve already explored the alternative to ports 80 and 443, but dismissed it. As far as I know, there’s no other way, except perhaps using the firewall itself to intercept a request for the challenge and redirect it to another host (which is acceptable) that can do HTTP.


Could you get an exception to the DNS change management process for one record, or a small zone delegated somewhere?

Nope. Enterprise. You cannot get an exception!

That’s what I was able to do. After posting it hit me I could do something similar.

I put a rule into the firewall to direct /.well-known/* to a specific server. I then made that server the Let's Encrypt auth handler.

It took a bit of messing around but I got it working.

Thanks for the input.

Now on to the next problem… (nuther post)
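The setup described in the thread, as an added example that is not the poster's own firewall rule or the getssl project's configuration: instead of a firewall NAT rule, a reverse proxy on the host that answers port 80 for the mail server's public name forwards only the ACME HTTP-01 challenge path to an internal validation host, and refuses every other request on port 80. The hostname `mail.example.com`, the internal address `10.0.0.5:8080` and the token directory `/var/www/acme` are constructed placeholders. Narrowing the rule to `/.well-known/acme-challenge/` rather than all of `/.well-known/*` keeps the exposed HTTP surface to the single path the Let's Encrypt validators actually fetch; the challenge never touches port 25, so the SMTP service does not need to be stopped during issuance or renewal.

```nginx
# Edge host: owns the public IP that mail.example.com resolves to (assumption).
# Only the HTTP-01 challenge path is proxied inward; everything else on :80 is refused.
server {
    listen 80;
    server_name mail.example.com;   # the name on the certificate (placeholder)

    # Validators request http://mail.example.com/.well-known/acme-challenge/<token>
    location ^~ /.well-known/acme-challenge/ {
        proxy_pass http://10.0.0.5:8080;   # internal validation host (constructed address)
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_read_timeout 10s;
    }

    # No other HTTP content is served for this name on port 80
    location / {
        return 404;
    }
}

# Internal validation host (10.0.0.5): serves the token directory read-only.
# The ACME client (getssl in the thread) writes the token files here (assumption).
server {
    listen 8080;
    root /var/www/acme;   # holds .well-known/acme-challenge/<token> (placeholder path)

    location ^~ /.well-known/acme-challenge/ {
        default_type text/plain;
        try_files $uri =404;   # only files that actually exist; no listing, no fallback
    }

    location / {
        return 404;
    }
}
```

Before running the ACME client, place a dummy file under `/var/www/acme/.well-known/acme-challenge/` on the internal host and fetch it from outside the firewall with `curl http://mail.example.com/.well-known/acme-challenge/<file>`; if that round trip works, validation will follow the same path. Because the proxy rule is permanent, renewals need no further firewall changes, which is the part that avoids the change management process the thread is trying to sidestep.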
