Re: [Exim] TLS on a port other than 25

Author: Philip Hazel
Date:
To: James P. Roberts
CC: exim-users
Subject: Re: [Exim] TLS on a port other than 25
On Tue, 18 Feb 2003, James P. Roberts wrote:

> Well, I assume that since I can tell, by looking at whether the first
> incoming command is "scrambled" or not, if a client is trying to use
> SMTPS, that software could be written to make the same determination.


Not possible because, as another poster has pointed out, in the two
different cases different ends "speak" first. The server has to know
whether to output a greeting message (ESMTP) or listen for the start of
a TLS negotiation (smtps). In the case of Exim, since all the TLS stuff
is done by calling OpenSSL or GnuTLS, it has to know whether to output
the greeting, or to call the TLS library.

> I think I was scared by the idea of running multiple instances of Exim,
> because I did not know if it was safe to do so.


This is a common difficulty in explaining how Exim works. There's no
such concept as "running Exim", because it has no central controlling
process. Consequently, there's no such concept as "multiple instances of
Exim" either. You just run different Exim processes. You don't have to
run an Exim daemon, but if you do, it is just one way of receiving
messages and feeding them to Exim's spool file. Other ways are directly
from local processes, or via inetd. So running two daemons is just
running two different long-term accepting processes really. One could
conceive of other similar processes that accept messages from other
sources (permanent UUCP connections?) and feed them in.

In fact, if your system is heavily loaded, running multiple SMTP daemons
that listen on different ports may even give you a performance
advantage.

> For example, I would
> never consider launching both Exim and Sendmail on the same machine,
> even if listening on different ports.


That's a different issue, but since they use different directories for
their data, there would be no problem. (You couldn't have them on the
same port, of course. One would start; the other would complain "port in
use".)

> Is it really safe to do this,
> and the two instances will not interfere with each other? Do they share
> the same queue? If so, perhaps one wants to double the time interval
> for each one's queue runners, and stagger their start times?


In the case of Exim, two listeners can quite happily put messages
into the same spool directory. This is no different from two different
local users (logged in to the server) pressing "send" at the same time.

You don't have to have both daemons starting queue runners. In fact, it's
probably best just to have the -q15m (or whatever) on just one of them.
But if you did, it would also do no harm. They would just both work
their way through the queue simultaneously. (You could even have a third
daemon with just -q15m and without -bd, just to do the queue runners if
you really wanted to.)

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
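The "who speaks first" problem in the reply above, as an added example that is not part of the original thread and not Exim's code. It simulates the two kinds of client over a local socket pair: a plain-SMTP client that says nothing until it has read the 220 greeting, and a TLS-on-connect (SMTPS) client that sends a TLS ClientHello straight away. No real TLS is involved: the "ClientHello" is a constructed byte string that carries only the genuine TLS record-header prefix (content type 0x16, version 0x03 0x01) followed by fake payload bytes. Three listener modes are compared: a plain SMTP port (server speaks first), an SMTPS port (server waits), and the "autodetect" scheme from the quoted question, which reads the first bytes before deciding. The banner text, outcome strings and timeouts are assumptions of the example.

```python
import socket
import threading

# Constructed stand-ins for what each kind of client puts on the wire first.
# A real TLS record starts with content type 0x16 (handshake) and version 0x03 0x01;
# everything after that prefix here is a fake payload, not a real handshake message.
TLS_CLIENT_HELLO_PREFIX = b"\x16\x03\x01"
FAKE_CLIENT_HELLO = TLS_CLIENT_HELLO_PREFIX + b"\x00\x05hello"
GREETING = b"220 mail.example ESMTP\r\n"   # assumed banner text
TIMEOUT = 0.5  # seconds; short so the deadlocked cases resolve quickly


def server_side(conn, mode):
    """Act as the listener on one port and report what happened as a short string.

    mode == "smtp":       plain SMTP port; the server speaks first (sends the greeting)
    mode == "smtps":      TLS-on-connect port; the server waits for the ClientHello
    mode == "autodetect": read first, then decide whether the bytes look "scrambled"
    """
    conn.settimeout(TIMEOUT)
    try:
        if mode == "smtp":
            conn.sendall(GREETING)
            first = conn.recv(64)
            return "ehlo" if first.upper().startswith(b"EHLO ") else "unexpected"
        if mode == "smtps":
            first = conn.recv(64)
            return "tls" if first.startswith(TLS_CLIENT_HELLO_PREFIX) else "unexpected"
        if mode == "autodetect":
            first = conn.recv(64)   # a plain client never speaks first, so this times out
            if first.startswith(TLS_CLIENT_HELLO_PREFIX):
                return "tls"
            conn.sendall(GREETING)  # fall back to plain SMTP for a client that did speak
            return "ehlo" if first.upper().startswith(b"EHLO ") else "unexpected"
        raise ValueError(mode)
    except socket.timeout:
        return "timeout"


def client_side(conn, kind):
    """Act as a connecting client of the given kind and report what it managed to do."""
    conn.settimeout(2 * TIMEOUT)   # the client is more patient than the server
    try:
        if kind == "smtp":
            banner = conn.recv(64)             # says nothing until it has the greeting
            if not banner.startswith(b"220"):
                return "no-greeting"
            conn.sendall(b"EHLO client.example\r\n")
            return "sent-ehlo"
        if kind == "smtps":
            conn.sendall(FAKE_CLIENT_HELLO)    # speaks first, before any greeting
            return "sent-hello"
        raise ValueError(kind)
    except socket.timeout:
        return "timeout"


def exchange(server_mode, client_kind):
    """Run one connection between a listener mode and a client kind over a socketpair.

    Returns (server_outcome, client_outcome). Neither side closes its socket until
    both have finished, so a side that gives up is reported as "timeout" rather
    than as a peer disconnect.
    """
    server_end, client_end = socket.socketpair()
    outcome = {}

    def run_server():
        outcome["server"] = server_side(server_end, server_mode)

    worker = threading.Thread(target=run_server)
    worker.start()
    outcome["client"] = client_side(client_end, client_kind)
    worker.join()
    server_end.close()
    client_end.close()
    return outcome["server"], outcome["client"]


if __name__ == "__main__":
    for pair in [("smtp", "smtp"), ("smtps", "smtps"), ("autodetect", "smtps"),
                 ("autodetect", "smtp"), ("smtps", "smtp"), ("smtp", "smtps")]:
        print("server=%-10s client=%-5s -> %s" % (pair[0], pair[1], exchange(*pair)))
```

The matched pairs complete, and the autodetecting listener copes with an SMTPS client because that client speaks first. With a plain-SMTP client the autodetecting listener waits for bytes that never come while the client waits for a greeting that never comes, so both time out; that is the deadlock the reply describes, and it is why the choice between greeting and TLS handshake has to be fixed per port rather than guessed from the connection.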