Re: [Exim] TLS versus SMTPS

Startseite
Nachricht löschen
Nachricht beantworten
Autor: James P. Roberts
Datum:  
To: Matt Bernstein
CC: exim-users
Betreff: Re: [Exim] TLS versus SMTPS
----- Original Message -----
From: "Matt Bernstein" <mb@???>

> On Dec 8 James P. Roberts wrote:
>
> >(1) upgrade from Exim 4.02 so I can use --tls-on-connect on port 465,

instead
> >of going through Stunnel. If I do this, will $tls_cipher be non-blank? Or

is
> >there another way to validate that the connection is encrypted, when using
> >smtps?
>
> Yes, yes and NULL. Off the top of my head:
>
> auth_advertise_hosts = ${if eq{$tls_cipher}{}{localhost}{*}}
> tls_advertise_hosts = *

<snip>
> AUTH ACL:

<snip>
> accept hosts = localhost


Cool. GMTA ;)

In fact, last night, I implemented that (although I used "127.0.0.1" instead
of "localhost". (I gather that "localhost" is preferred? I will try that).

Anyway, it worked! A connection to port 465 is decrypted by Stunnel and
redirected to port 25. Exim sees it as unencrypted; thus, Exim sets
"auth_advertise_hosts = localhost". The Stunnel connection appears (to Exim)
to be from localhost, so Exim advertises AUTH. The Win XP/OE client sees
this, and attempts login, as it should. In the auth ACL, we again make an
exception for localhost sender, which is what Stunnel appears to be.

I think this will also work if I send messages manually from localhost.

Thanks!

Jim Roberts
Punster Productions, Inc.