Author: Craig Kelley Date: To: Kjetil Torgrim Homme CC: exim-users Subject: Re: [Exim] Port 587
On Tue, 2004-04-27 at 02:27 +0200, Kjetil Torgrim Homme wrote: > On Mon, 2004-04-26 at 18:02 +0200, Andreas Metzler wrote:
> > On Mon, Apr 26, 2004 at 09:53:24AM -0600, Craig Kelley wrote:
> > > I've thought of using stunnel; it sounds like a better idea than running
> > > two exim servers.
> >
> > Why? With stunnel you lose any possibilty to limit access based on the
> > connecting hosts' address in exim.conf.
>
> do you care about their IP if they are authenticated?
>
> I would prefer two Exim instances anyway. I don't like to rely on
> inetd, suddenly it decides the connection rate is too high and it drops
> the service. if you're using stunnel in standalone daemon mode, where
> is the advantage compared to an extra Exim daemon process?
How about this:
Have Exim listen on two ports; one of them a local-only port. Then,
have stunnel connect the second port with 465 on SSL. That way, you can
still differentiate SSL vs. non-SSL traffic in a single exim.conf file.