Re: [Exim] TLS versus SMTPS

Author: Tony Finch
Date:  
To: punster
CC: exim-users
Subject: Re: [Exim] TLS versus SMTPS
"James P. Roberts" <punster@???> wrote:
>
>(1) upgrade from Exim 4.02 so I can use --tls-on-connect on port 465, instead
>of going through Stunnel. If I do this, will $tls_cipher be non-blank?
Yes.

>I just realized that option (2) will not work, because the port number 465 is
>probably "lost" by the Stunnel process, just like the remote host IP is
>"lost." It looks like a connection to port 25, from localhost. (Can one test
>the REMOTE port number? If so, would 465 be the actual remote port number for
>this configuration? That's probably a Stunnel question...)
The remote port number will be some effectively random number, and in any
case Exim will see the stunnel's port number -- it cannot see anything about
the client's connection.

Note that the stunnel setup can turn your email server into an open relay,
if you don't have the proper access controls set up by xinetd or stunnel.
(Exim's controls are useless because it knows nothing about the client.)

Tony.
--
f.a.n.finch <dot@???> http://dotat.at/
FAIR ISLE: SOUTHERLY VEERING SOUTHWESTERLY 5 TO 7, PERHAPS GALE 8 LATER. RAIN
AT TIMES. MODERATE OR GOOD.
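An illustration of the relay risk Tony describes, added here as an example that is not part of the original thread or of Exim's own documentation. The first fragment is the stunnel arrangement from the question: stunnel accepts on 465 and forwards to 127.0.0.1:25, so every client appears to Exim as the loopback host, and a `relay_from_hosts` list that includes loopback relays for anyone who can reach 465. The second fragment is option (1), where Exim terminates TLS itself, so `$tls_cipher` is set and the ACL can require authentication over an encrypted session. The certificate paths and the 192.0.2.0/24 network are placeholders; `tls_on_connect_ports` is assumed to be available in the Exim release being upgraded to.

```exim
########## Weak: stunnel in front of Exim ##########
# stunnel on :465 forwards the decrypted session to 127.0.0.1:25.
# Exim therefore sees EVERY such client as 127.0.0.1 (and $tls_cipher
# is empty, because Exim itself did no TLS).  With loopback in the
# relay list, the ACL below relays for the whole Internet.
hostlist relay_from_hosts = 127.0.0.1 : ::1

acl_check_rcpt:
  accept domains = +local_domains
  accept hosts   = +relay_from_hosts     # matches all stunnel clients: open relay
  deny   message = relay not permitted

########## Corrected: Exim terminates TLS on 465 itself ##########
# Placeholder paths and network; adjust for the real installation.
daemon_smtp_ports    = 25 : 465
tls_on_connect_ports = 465               # assumed available after the upgrade
tls_certificate      = /etc/exim/exim.crt
tls_privatekey       = /etc/exim/exim.key
tls_advertise_hosts  = *

domainlist local_domains   = @ : example.org
hostlist   relay_from_hosts = 192.0.2.0/24   # trusted LAN only; loopback deliberately absent

acl_check_rcpt:
  accept domains = +local_domains
  # Relay for the trusted network by address, as before.
  accept hosts   = +relay_from_hosts
  # Relay for anyone who authenticated, but only inside an encrypted
  # session.  Because Exim did the TLS handshake, $tls_cipher is non-blank
  # and "encrypted = *" is true for the 465 clients.
  accept authenticated = *
         encrypted     = *
  deny   message = relay not permitted

begin authenticators

# Only offer the plaintext mechanism once TLS is up, i.e. when
# $tls_cipher is defined; this is the test the question asks about.
PLAIN:
  driver                     = plaintext
  server_prompts             = :
  server_condition           = ${if and {{eq{$auth2}{username}}{eq{$auth3}{password}}}}
  server_set_id              = $auth2
  server_advertise_condition = ${if def:tls_cipher}
```

The `server_condition` above uses a literal username/password purely to keep the example self-contained; a real deployment would look the credentials up. The point of the comparison is the host list: once stunnel is removed, loopback no longer stands in for the client, so Exim's own `hosts`, `encrypted` and `authenticated` conditions apply to the real peer.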