I had an idle pub-based chat last week regarding SMTP over SSL and
integration with exim.

In theory linking exim against openssl is pretty easy, but opens up
various cans of worms:-

Incoming SMTP
  - controlling allowed ciphers etc
  - interaction with SMTP auth (people might want to only allow
    SMTP-auth on SSL connection)
  - Use of X509 Certs for relay/identification
  - listening on 2 ports (smtp & smtp/ssl), also STARTTLS from
    within standard SMTP

Outgoing SMTP
  - SMTP/SSL by default, optional, using ESMTP capabilities etc
  - Behaviour and use of X509 certs etc

It's an interesting can of worms, and I'd be interested in pointers to
general MTA implementation with SSL support, and similar relevant
stuff, as well as list opinions. I do think there are some things that
can be handled in SMTP/SSL that are worth doing (as opposed to relying
on stunnel etc).

Nigel.
--
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]