Joachim Wieland wrote:
> Hi,
>
> On Tue, Apr 02, 2002 at 10:02:20PM +0900, Toshio Kumagai wrote:
>
>>> /usr/sbin/stunnelsmtp -d 465 -r 587 -p /path/to/mail.pem -- ssmtp
>>
>
>> Yep.
>> I cannot understand the difference between his patch
>> and exim over stunnel.
>> I've run exim with stunnel over ssmtp (465/tcp) since
>> exim release 2.x.
>> I remember that 3.16x is the first experimental release
>> of exim with TLS (STARTTLS).
>
>
> The difference is that you don't get the real IP of the client that uses
> the mail server but the local IP instead. You really don't want to have
> this if you're doing SMTP-after-POP.
>
> I solved the problem by running a wrapper from stunnel that calls exim
> with the -oMa option to set the IP, though a patch to exim might be a nicer
> solution.
I'm not really sure if patching exim to support *two* obsolete techniques is nice in
any sense.
I'd use SMTP AUTH first of all and if possible try not to use tunneling.
Also, as far as I know (we tested it at our boxen w/exim 3.33) MS Outlook 5 and
all recent builds of Mozilla (not sure about Netscape 4.0x though) were quite happy
with STARTTLS.
But I had to patch exim3 for it to make use of system passwd, via the
Cyrus SASL pwcheck daemon. Pretty ironic in this context.
By the way, I've got Exim 4.02 to use pwcheck too. Anyone interested?
(at least with FreeBSD 4.x configuring SMTP AUTH becomes a breeze:
server_condition = "${if pwcheck{$1:$2}{1}{0}}"
and it's done.)
./lxnt
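
The wrapper approach described in the quoted message, sketched as an added example; it is not code from this thread and not Joachim Wieland's actual wrapper. Assumptions: stunnel exports the peer address to the program it starts in REMOTE_HOST, exim is at /usr/sbin/exim, the script is installed under the hypothetical name stunnel-exim-wrapper and runs as an Exim trusted user so that -oMa is honoured, and only IPv4 peers are handled.

```shell
#!/bin/sh
# Added example: start exim from stunnel with the real client address.
# Without this, exim sees only the local end of the tunnel, so any
# relay decision keyed on the client IP (SMTP-after-POP) is wrong.
# Assumed, not from the thread: REMOTE_HOST, the exim path, script name.

EXIM=${EXIM:-/usr/sbin/exim}

# Succeed only for a dotted-quad IPv4 address with octets 0..255.
# Anything else (empty, option-like, spaces) is rejected, so the value
# cannot be read by exim as an extra command-line option.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

main() {
    if valid_ipv4 "${REMOTE_HOST:-}"; then
        # -bs: SMTP on stdin/stdout; -oMa: sender host address
        exec "$EXIM" -bs -oMa "$REMOTE_HOST"
    fi
    # Fail closed: better to refuse the session than to let exim
    # record a missing or malformed client address.
    printf '421 peer address unavailable, closing connection\r\n'
    exit 1
}

# Run only when invoked under the wrapper's own (hypothetical) name.
case ${0##*/} in
    stunnel-exim-wrapper) main "$@" ;;
esac
```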