VersaMail and Self Signed Certificates
Like I said in my last post, I pulled my markwalling.org email off of Google Apps and decided to host it locally (Rate limit incoming mail?
Seems like an easy way to DoS someone.). I was able to dust off my old Postfix and Dovecot config files, and started receiving mail locally.
I then started getting my phone configured to use my server instead of Google. IMAP went off with out a hitch (went into advanced settings, checked off SSL, boom). I assumed that SMTP was going to be just as easy. It wasn't. The phone would connect to postfix, then close the connection after STARTTLS. After ranting in #linode about it, someone showed me this knowledge base article, which said that PalmOS can't deal with self signed certificates (Which is strange because I use the same certificate for Dovecot). Being cheap, and not wanting to spend money on a real SSL certificate (or send my password in cleartext), I started exploring other options.
My carrier was assigning my phone IP addresses from several different
netblocks, so adding it to mynetworks wasn't going to work. I noticed that the rDNS had a common parent domain, so with help from /dev/rob0, and some magic incantations, I got it working! Here are the (sanitized of course) relevant configs:
#### and here is the fun stuff we need so the cell phone can send email
smtpd_restriction_classes = check_mycell, check_myemail
check_mycell = check_client_access hash:/etc/postfix/mycell_access
check_myemail = check_sender_access hash:/etc/postfix/myemail_access
my.carrier.com check_myemail
myemail@mydomain.com OK
randomport inet n - n - - smtpd
-o smtpd_recipient_restrictions=reject_unknown_client_hostname,
check_mycell,reject
-o sender_bcc_maps=hash:/etc/postfix/sender_bcc
(replace `randomport` with the interface:port you want this special smtpd to listen on)