[UTF-8]Pawe Tcza writes:
Hello People,Is it possible to force authenticated SMTP relaying only via SSL/TLS?We need to protect the passwords of our users strongly, so they should use secure connection (via SSL) to ESMTP/POP3/IMAP servers. But how can we force the users to use STARTTLS for "normal" ESMTP server which listens on port 25? STARTTLS is only option here, so some users can bypass our security policy.
You can make it a mandatory setting only if it's a dedicated server, by setting ESMTP_TLS_REQUIRED. You can't do that if you share the same server for incoming mail, and smarthosted mail for your clients.
An option that may work for you is to remove the ESMTPAUTH setting, and put it into ESMTPAUTH_TLS. Courier will advertise no support for authentication in non-encrypted connections, and will advertise AUTH support only after STARTTLS. This setting only turns off the advertisement for AUTH support. Clients are not supposed to authenticate unless the server advertises this capability, however it's possible that buggy clients will blindly try to authenticate even if the server doesn't advertise AUTH support.
pgpar3gFZPnyN.pgp
Description: PGP signature
------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
