On Tue, 2004-04-27 at 16:08, Giuliano Gavazzi wrote:
> At 3:28 pm +0100 2004/04/27, Nigel Metheringham wrote:
> >On Tue, 2004-04-27 at 15:15, Craig Kelley wrote:
> >> Have Exim listen on two ports; one of them a local-only port. Then,
> >> have stunnel connect the second port with 465 on SSL. That way, you can
> >> still differentiate SSL vs. non-SSL traffic in a single exim.conf file.
> >>
> >> Can anyone see a problem with doing it that way?
> >
> >Yes.
> >
> >The connections exim "sees" are all from 127.0.0.1 - which makes host
> >and RBL checks useless, and may have the interesting side effect of
> >making it so anyone can relay through your box (127.0.0.1 is often a
> >trusted network).
>
> As long as deliveries from localhost:465 are only accepted for
> authenticated users I see no problem.

You can't tell which are from stunnel (via 465) and which are local mail
injections (i.e. Mailman, for example) unless you hack something up with
pidentd. The originating port from stunnel will be random - and not
465.

Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
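
Added example, not part of the original thread: a loopback-only sketch of what a daemon behind a TCP relay sees as the peer address. The plain sockets stand in for stunnel and Exim (no TLS or SMTP is involved), and the function and variable names are hypothetical.

```python
import socket

def listen_local():
    """Listening TCP socket on 127.0.0.1 with an OS-assigned port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(5)
    return s

def peers_seen_by_backend():
    """Return (front_port, peer_via_relay, peer_direct) as the backend sees them."""
    backend = listen_local()  # stands in for the daemon's local-only port
    front = listen_local()    # stands in for the relay's public port (465 in the thread)
    backend_addr = backend.getsockname()
    front_port = front.getsockname()[1]
    socks = [backend, front]
    try:
        # 1. A client connects to the relay's front port. In this offline demo
        #    the client is also on loopback; in production it would be remote.
        client = socket.create_connection(("127.0.0.1", front_port), timeout=5)
        socks.append(client)
        accepted, _ = front.accept()
        socks.append(accepted)
        # 2. The relay opens its own, new connection to the backend. The
        #    source port is chosen by the OS, not inherited from the front port.
        relay_out = socket.create_connection(backend_addr, timeout=5)
        socks.append(relay_out)
        conn_a, peer_via_relay = backend.accept()
        socks.append(conn_a)
        # 3. A local program (a mailing list manager, say) connects directly.
        local = socket.create_connection(backend_addr, timeout=5)
        socks.append(local)
        conn_b, peer_direct = backend.accept()
        socks.append(conn_b)
        return front_port, peer_via_relay, peer_direct
    finally:
        for s in socks:
            s.close()

if __name__ == "__main__":
    front_port, via_relay, direct = peers_seen_by_backend()
    print("relay front port      :", front_port)
    print("peer seen via relay   :", via_relay)
    print("peer seen direct/local:", direct)
```

Both peers come back as 127.0.0.1 with an OS-assigned source port, so any host-based rule on the backend treats relayed and local connections alike.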