At 3:28 pm +0100 2004/04/27, Nigel Metheringham wrote:
>On Tue, 2004-04-27 at 15:15, Craig Kelley wrote:
>> Have Exim listen on two ports; one of them a local-only port. Then,
>> have stunnel connect the second port with 465 on SSL. That way, you can
>> still differentiate SSL vs. non-SSL traffic in a single exim.conf file.
>>
>> Can anyone see a problem with doing it that way?
>
>Yes.
>
>The connections exim "sees" are all from 127.0.0.1 - which makes host
>and RBL checks useless, and may have the interesting side effect of
>making it so anyone can relay through your box (127.0.0.1 is often a
>trusted network).

As long as deliveries from localhost:465 are only accepted for
authenticated users, I see no problem.
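
Added example, not part of the original thread or of anyone's actual configuration: an Exim 4 fragment that applies the condition discussed above, keying on the local port because every stunnel-forwarded connection arrives from 127.0.0.1. The loopback port 1465 and the list contents are assumptions.

```exim
# Main section. Port 1465 is an assumed local-only port; stunnel accepts
# SSL on 465 and connects to 127.0.0.1:1465.
local_interfaces = 0.0.0.0.25 : 127.0.0.1.1465

domainlist local_domains     = @
hostlist   relay_from_hosts  = 127.0.0.1
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Weak ordering (do not use): putting
  #   accept hosts = +relay_from_hosts
  # first would match every stunnel client, since they all appear as
  # 127.0.0.1, and the box would relay for anyone reaching port 465.

  # Traffic that came in through stunnel: the peer address carries no
  # information, so authentication is the only thing that is trusted.
  # ($interface_port is named $received_port in newer Exim releases.)
  accept  condition     = ${if eq{$interface_port}{1465}}
          authenticated = *

  deny    condition     = ${if eq{$interface_port}{1465}}
          message       = Authentication required on this port

  # Only port 25 traffic reaches this point. The peer address is real
  # here, so host-based relay rules and RBL lookups remain meaningful.
  accept  hosts         = +relay_from_hosts
  accept  domains       = +local_domains
  deny    message       = relay not permitted
```

An authenticators section is still required for the `authenticated` test to ever succeed, and Exim itself sees no TLS on the forwarded connection, so any rule that depends on Exim's own TLS state will not match on that port.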