Re: [Exim] TLS on a port other than 25

Author: James P. Roberts
Date:  
To: exim-users
Subject: Re: [Exim] TLS on a port other than 25
> > Well, I assume that since I can tell, by looking at
> > whether the first incoming command is "scrambled" or not, if
> > a client is trying to use SMTPS, that software could be
> > written to make the same determination.
>
> Not possible because, as another poster has pointed out, in the two
> different cases different ends "speak" first. The server has to know
> whether to output a greeting message (ESMTP) or listen for the start
> of a TLS negotiation (smtps). In the case of Exim, since all the TLS
> stuff is done by calling OpenSSL or GnuTLS, it has to know whether
> to output the greeting, or to call the TLS library.


Perfect explanation. Thanks.

>
> > I think I was scared by the idea of running multiple instances of
> > Exim, because I did not know if it was safe to do so.
>
> This is a common difficulty in explaining how Exim works. There's no
> such concept as "running Exim", because it has no central controlling
> process. Consequently, there's no such concept as "multiple instances
> of Exim" either. You just run different Exim processes. You don't
> have to run an Exim daemon, but if you do, it is just one way of
> receiving messages and feeding them to Exim's spool file. Other ways
> are directly from local processes, or via inetd. So running two
> daemons is just running two different long-term accepting processes
> really. One could conceive of other similar processes that accept
> messages from other sources (permanent UUCP connections?) and feed
> them in.
>
> In fact, if your system is heavily loaded, running multiple SMTP
> daemons that listen on different ports may even give you a
> performance advantage.
>
> > For example, I would never consider launching both Exim and
> > Sendmail on the same machine, even if listening on different
> > ports.
>
> That's a different issue, but since they use different directories
> for their data, there would be no problem. (You couldn't have them
> on the same port, of course. One would start; the other would
> complain "port in use".)
>
> > Is it really safe to do this,
> > and the two instances will not interfere with each other?
> > Do they share the same queue? If so, perhaps one wants to
> > double the time interval for each one's queue runners, and
> > stagger their start times?
>
> In the case of Exim, two listeners can quite happily put messages
> into the same spool directory. This is no different from two
> different local users (logged in to the server) pressing "send"
> at the same time.
>
> You don't have to have both daemons starting queue runners. In fact,
> it's probably best just to have the -q15m (or whatever) on just one
> of them. But if you did, it would also do no harm. They would just
> both work their way through the queue simultaneously. (You could even
> have a third daemon with just -q15m and without -bd, just to do the
> queue runners if you really wanted to.)


Philip, you are, as is well known around here, a genius!
Thank you for this very clear explanation. I should have
known better than to make assumptions about Exim based on
experience with other software. My apologies.

I still wish I could do it all from the config file, without
having to mess with start-up files. But, armed with this
better understanding of how Exim works, I am no longer
afraid to do it.

Oh, how I await the release of the new Textbook! ;)

Jim Roberts
Punster Productions, Inc.
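
The "different ends speak first" point from the quoted reply, as an added example that is not part of the original message or of Exim: a Python sketch that pairs an ESMTP-style or smtps-style client with a listener that either greets at once or waits for the client. The host name `mail.example.test`, the function names and the mode names are assumptions made for this illustration.

```python
import socket
import ssl

def client_hello() -> bytes:
    """Return the first bytes an smtps (TLS-on-connect) client puts on the wire."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="mail.example.test")
    try:
        tls.do_handshake()           # cannot complete: no server reply is fed in
    except ssl.SSLWantReadError:
        pass                         # expected; the ClientHello is now queued
    return outgoing.read()

def classify(sock: socket.socket) -> str:
    """Name what this end received first, or 'nothing' if the peer stayed silent."""
    try:
        data = sock.recv(5)
    except socket.timeout:
        return "nothing"
    if data[:2] == b"\x16\x03":      # TLS handshake record, protocol major version 3
        return "tls-hello"
    if data[:3] == b"220":           # SMTP greeting
        return "greeting"
    return "other"

def exchange(client_mode: str, server_mode: str, timeout: float = 0.2):
    """Run the opening move of a connection; return (server_saw, client_saw).

    client_mode: "esmtp" waits for the greeting, "smtps" sends a ClientHello.
    server_mode: "greet" sends 220 at once, "wait" listens for the client first
                 (what a TLS-on-connect port, or a listener trying to inspect
                 the first command, has to do).
    """
    server, client = socket.socketpair()
    server.settimeout(timeout)
    client.settimeout(timeout)
    try:
        if server_mode == "greet":
            server.sendall(b"220 mail.example.test ESMTP\r\n")
        if client_mode == "smtps":
            client.sendall(client_hello())
        return classify(server), classify(client)
    finally:
        server.close()
        client.close()

if __name__ == "__main__":
    for c, s in [("esmtp", "greet"), ("smtps", "wait"), ("esmtp", "wait"), ("smtps", "greet")]:
        print(f"client={c:5} server={s:5} -> {exchange(c, s)}")
```

The `esmtp`/`wait` pairing is the case the reply describes: neither end sends anything, so a listener cannot simply wait to see whether the first command arrives "scrambled".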