On Mon, Jan 20, 2003 at 09:18:10AM -0800, Peter William Lount wrote: > > Unless your clients are MS Outlook Express - it still uses port 465, > AFAIK. > > > > > Secure SMTP is done over port 25 using the 'STARTTLS' ESMTP extension. > > > > For most all other clients, yes. > > Yikes, now that seems even more complicated! > > Does this mean that I need to have it setup on both ports (in order to > support a wide variety of clients)? In outlook express there is an ability > to change the port number. When does outlook express use port 465? When you > click the "Logon using secure password authentication" check box?
No, that's something completely different. That tells it to use the AUTH command to authenticate, using a Microsoft-proprietry SASL mechanism. I don't run Windows, but you'd need to look in OE for something which says "use SSL" or "use TLS" or "use encryption" or something like that. Then turn it on, run tcpdump at the server end, and see what it's trying to do. In summary: SMTP AUTH: use a username/password to establish who I am (which in turn, for example, may allow me to relay even though I am coming from a non-local IP address) SMTP STARTTLS: use TLS encryption for the communication between client and server. The two can be used together in the same SMTP session. > Ok, now I really need some help. How can I set it up so that authenticated > relaying requires SSL while normal inbound smtp/esmtp connections do not? > Obviously this has been done before by someone? It must be really simple > (one hopes). I don't think Courier MTA has enough configurability to apply the policy that you want. Some other MTAs do. Presumably you choose the above policy because you don't want your customers' passwords to be sniffable in cleartext. So a more specific policy might be "require SSL for AUTH PLAIN, but allow AUTH CRAM-MD5 over a non-SSL connection" Regards, Brian. ------------------------------------------------------- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
