From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <57ac42c5f0899c4d58c066ca7e7f12c4@plan9.bell-labs.com>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Authenticated SMTPD or factotum's p9cr
Date: Mon, 20 Aug 2007 16:53:05 -0400
From: geoff@plan9.bell-labs.com
In-Reply-To: <744472b1852a327f0499d3d5b3301234@proxima.alt.za>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Topicbox-Message-UUID: ae0e9186-ead2-11e9-9d60-3106f5b1d025

I can't answer all your questions immediately, but as long as smtpd
can read the certificate it needs for TLS (typically
/sys/lib/ssl/smtpd-cert.pem), tcp25 can reside in /rc/bin/service.
There needs to be a corresponding key in your cpu server(s)'s bootes's
factotum.  We load ours automatically from bootes's secstore factotum
file.  It and our ssh server key look like this:

key proto=rsa service=tls owner=* size=1024 ek=10001 n=[many hex digits] !dk? !p? !q? !kp? !kq? !c2?
key proto=rsa service=sshserve owner=* size=1024 ek=91 n=[many hex digits] !dk? !p? !q? !kp? !kq? !c2?

Our tcp25 for the outside world ends with this invocation of smtpd:

exec upas/smtpd -n $3 -gD -m /mail/lib/vfsend.alt -c /sys/lib/ssl/smtpd-cert.pem