I've implemented TLS on my mail server for mail clients using SMTP
Authentication. And it works flawlessly for Netscape 4.76 clients.
But life can never be so simple. Outlook 2000 appears to be a different story.
Either I'm not getting the configuration in the client right, or Outlook 2000
is just plain broke. I'm sure it works perfectly with Exchange Server.
So for Outlook clients, I'm back to my old standby of using stunnel for
ssmtp. This is fine, I don't really care what's used as long as I don't
have clear text passwords going over the internet. This puts me in a
predicament with relaying though, and I'm wondering if other people just
think I'm being paranoid, or maybe they know how to get Outlook 2000
working with TLS, or more than likely there's just gotta be a better way
than how I'm doing it.

The way I originally set up stunnel was to have it catch encrypted
connections on port 465 and redirect them to localhost port 25. Exim sees
this as a local connection, so it drops any requirement for doing
authentication in order to relay. I could force authentication on
127.0.0.1 but I have a feeling I'll spend a day fixing everything
that uses localhost. So... the horrendous workaround I came up with is this:

Set up an IP alias on eth0:1 (it's a Linux box) as 192.168.10.10.
Have stunnel run the ssmtp connection from port 465 to 192.168.10.10 port
25. Exim sees it as a non-local address and forces the client to
authenticate in order to relay. Problem fixed. The Outlook clients hang
for about 15 seconds during the send operation, but I'm hoping this will
never be seen since this usually runs in the background for Outlook users.

To me this doesn't appear to be any worse than running a separate Exim
process on a different port which always requires authentication, and
having stunnel route to it. But I still hate it because there's so many
steps I have a feeling it'll break a lot. Am I wrong? Anyone have a better
way?

-Don
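
The relay problem described in the message above, as an added example that is not part of the original post: a small audit that checks whether the address the MTA sees for each TLS tunnel falls inside a network allowed to relay without authentication. The tunnel names, the relay network lists and the function names are hypothetical, and the code assumes the tunnel connects to an address on the same box, so the MTA sees that address as the peer.

```python
import ipaddress

def peer_seen_by_mta(connect_host):
    # Assumption: the tunnel connects to an address on the same box, and the
    # kernel uses that address as the source of the connection the MTA sees.
    if connect_host == "localhost":
        connect_host = "127.0.0.1"
    return ipaddress.ip_address(connect_host)

def audit_tunnels(tunnels, relay_without_auth):
    """Flag tunnels whose clients would inherit a relay-without-auth identity."""
    nets = [ipaddress.ip_network(n) for n in relay_without_auth]
    findings = []
    for name, accept_port, connect_host in tunnels:
        peer = peer_seen_by_mta(connect_host)
        matched = [str(n) for n in nets if peer in n]
        findings.append({
            "tunnel": name,
            "accept_port": accept_port,
            "mta_sees": str(peer),
            "relay_without_auth": bool(matched),
            "matched_nets": matched,
        })
    return findings

# Constructed sample data modelled on the two setups in the post.
TUNNELS = [
    ("ssmtp-to-loopback", 465, "127.0.0.1"),
    ("ssmtp-to-alias", 465, "192.168.10.10"),
]
RELAY_LOCAL_ONLY = ["127.0.0.0/8"]
RELAY_LOCAL_AND_LAN = ["127.0.0.0/8", "192.168.0.0/16"]  # constructed LAN range

if __name__ == "__main__":
    for label, nets in (("local only", RELAY_LOCAL_ONLY),
                        ("local + LAN", RELAY_LOCAL_AND_LAN)):
        for f in audit_tunnels(TUNNELS, nets):
            verdict = "RELAYS WITHOUT AUTH" if f["relay_without_auth"] else "auth required"
            print(f"{label}: {f['tunnel']} -> MTA sees {f['mta_sees']}: {verdict}")
```

The second relay list shows the case to watch for: the alias only forces authentication as long as its address stays outside every network the MTA trusts for relaying.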