Re: [Exim] SMTP

Pàgina inicial
Delete this message
Reply to this message
Autor: Ron McKeating
Data:  
A: Tony Finch
CC: Alan J. Flavell, Exim-Users (E-mail)
Assumpte: Re: [Exim] SMTP
On Wed, 2004-06-30 at 16:09, Tony Finch wrote:
> On Wed, 30 Jun 2004, Alan J. Flavell wrote:
> >
> > Several types of client can be configured in such a way that they
> > adapt calmly to the situation of being sometimes inside and sometimes
> > outside (viz. laptops) without user intervention.
>
> Do I gather that you are only doing submission on port 25, and that you
> are not offering TLS and AUTH for connections from your internal network,
> and that you require MUAs to have their TLS switch at the "optional"
> setting?
>

We are doing TLS and in fact we only advertise auth-smtp at the second
ehlo after the user has switched to tls. There is no circumstance we
would want users using authenticated smtp over an insecure connection.

I should point out that this server is the mail-out server for our
campus. Under no circumstance should it receive connections from other
MTS's. We have different servers for incoming mail. We use the
auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
command

> This is very unwise, because it means that your users will not realise if
> their MUA is not connecting to your server in the case of a port 25
> interceptor, because it will silently degrade to plain SMTP. This can lead
> to email being silently lost. If you're going to use TLS and AUTH you
> should configure the MUA to require them all the time.
>


We are figuring on using port 465 rather than 25 for this. Laptop users
who use the same machine at home and on campus should work in either
situation.

Are there any gotchas here ?

> > Some folks will tell you that mail submission protocol is a preferable
> > solution to this requirement than authenticated SMTP. Maybe we should
> > look at that too.
>
> Definitely. It makes message submission much more reliable, and it allows
> users to have a single configuration that works anywhere. You will need to
> support both tls-on-connect on port 465 as well as standard submission on
> port 587 in order to support all the clients out there.
>
> Tony.
> --
> f.a.n.finch <dot@???> http://dotat.at/
> WHITBY TO THE WASH: SOUTH OR SOUTHWEST 4 OR 5, VEERING WEST 4 OR 5, THEN
> BACKING SOUTHWEST LATER. RAIN OR SHOWERS. MODERATE OR GOOD. SLIGHT.
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##

--
Ron McKeating
Senior IT Services Specialist
Internet Services and Software Solutions
Loughborough University
01509 222329