Matus UHLAR - fantomas writes:

On 30.11.10 23:50, Sam Varshavchik wrote:
By definition, port 587, and port 465, is to be used for authenticated SMTP only. So only clients that successfully authenticate, using standard authenticated SMTP, have any beeswax connecting to these ports.
[...]

Matus UHLAR - fantomas writes:
That's it - I defined ACCESSFILE in esmtpd, since I use it for port 25
clients. I want to have it empty for esmtpd-msa, but the ACCESSFILE isn't
defined there, but it is in esmtpd-msa config.

The same applies for BLACKLISTS - I don't need blacklists for port 465 thus
I want to undefine them.

Of course I can just put ACCESSFILE="" and BLACKLISTS="" at the end of
esmtpd-msa config but I wonder if I could do it more universally.

I see that many of the settings that are in esmtpd-msa can be used in esmtpd-ssl
thus I think sourcing esmtpd-msa config (in addition to esmtpd and
esmtpd-ssl) would make things easier.
Otherwise, the sections where these variables are defined should be put into
esmtpd-msa.dist file.

On 01.12.10 06:52, Sam Varshavchik wrote:
That's why the configuration files are, essentially, shell scripts. No one size fits all, everyone has their own requirements. Having them as shell scripts gives everyone the ability to do whatever they want.

And given how sysconftool gets used to update the configuration files, as long as the magical comments don't get clobbered, you have a high degree of assurance that custom logic won't get nuked when upgrading; in the worst case you'll be able to fish it out from a .bak file.

Sam,

if you agree that both 465 and 587 are designed to do the same job, don't
you think they should have (nearly) the same config options in the default
config or source the same config file?

Note that there are no magical comments about ACCESSFILE and BLACKLISTS in
esmtpd-ssl and there's no ". ${sysconfdir}/esmtpd-msa" in esmtpd-ssl.

So, with current "default" configuration, esmtpd-ssl behaves much
differently than esmtpd-msa and it takes more work for admins to maintain
those configs.

Perhaps some historical context will clear this up.

SMTP over SSL on port 465 was intended to be nothing more than SSL-ified port 25, and identically configured.

MSA on port 587's purpose was to simplify the dual role of the same server both handling incoming mail, and acting as a smarthost for authorized clients. The idea behind port 587 is not to futz around with maintaining authorized RELAYCLIENT ranges for clients with relaying privileges. Drop all relaying privileges for port 25, that's your incoming mail, and have your clients use port 587, which simply requires authentication, and does not have to be configured with RELAYCLIENT ranges. Anything that goes to port 587 will require authentication, end of story.

Currently, the esmtpd-msa.dist looks more like ssl'ed alternative of esmtpd

No, it shouldn't.

(port 25) than MSA port with explicit SSL enabled. Do you want me to provide
patch(es) for .dist so it would look more like MSA with explicit SSL enabled
(for older version of M$ mail clients)?

I'm not sure I follow you.

The same startup script gets used for both esmtpd and esmtpd-msa:

cd ${prefix} || exit 1
case `basename $0` in
esmtpd)
       configfiles="${sysconfdir}/esmtpd"
       . ${sysconfdir}/esmtpd
       ;;
esmtpd-msa)
       configfiles="${sysconfdir}/esmtpd ${sysconfdir}/esmtpd-msa"
       . ${sysconfdir}/esmtpd
       . ${sysconfdir}/esmtpd-msa
       ;;
*)
       echo "Must be invoked as esmtpd or esmtpd-msa" >&2
       exit 1
       ;;
esac


The separate esmtpd-ssl script just does:

. ${sysconfdir}/esmtpd
. ${sysconfdir}/esmtpd-ssl

This seems to be correct to me, and rather straightforward. The esmtpd configuration file gives the default, stock setup for courieresmtpd. Then, the settings in esmtpd-msa config file override the settings in esmtpd, for port 587, and the settings in esmtpd-ssl override for port 465.

I can kind of see why you want esmtpd-ssl and esmtpd-msa to use the same config, except for the encryption layer, however they serve slightly different purposes.

Note, that nothing prevents you from enabling STARTTLS on port 587, thus using port 587 for both non-encrypted and encrypted connections. A mail client that knows what to do with port 587 will also know how to use STARTTLS.
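
The sourcing order described in the message above can be checked per listener with a small script. This is an added example, not part of the original post and not Courier's own code; the function names (effective_setting, audit, make_sample_config) and all sample values are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not Courier's own script. Config files are sourced as shell
# code, so point this only at configuration you already trust.

# effective_setting SYSCONFDIR SERVICE VARNAME
# Prints the value VARNAME holds once SERVICE's config files have been
# sourced in the order the quoted startup scripts use (esmtpd first).
effective_setting() {
    (
        sysconfdir=$1
        case $2 in
        esmtpd)                files="esmtpd" ;;
        esmtpd-msa|esmtpd-ssl) files="esmtpd $2" ;;
        *) echo "unknown service: $2" >&2; exit 1 ;;
        esac
        # Only plain identifiers may reach eval below.
        case $3 in ''|*[!A-Za-z0-9_]*) exit 1 ;; esac
        for f in $files; do
            . "$sysconfdir/$f" || exit 1
        done
        eval "printf '%s\n' \"\${$3-}\""
    )
}

# audit SYSCONFDIR: one line per listener with the two settings from the thread.
audit() {
    for svc in esmtpd esmtpd-msa esmtpd-ssl; do
        printf '%s ACCESSFILE=[%s] BLACKLISTS=[%s]\n' "$svc" \
            "$(effective_setting "$1" "$svc" ACCESSFILE)" \
            "$(effective_setting "$1" "$svc" BLACKLISTS)"
    done
}

# Builds a throwaway config directory; all values are constructed samples.
make_sample_config() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/esmtpd" <<'EOF'
ACCESSFILE=/tmp/sample/smtpaccess
BLACKLISTS="-block=dnsbl.example.org"
EOF
    printf 'ACCESSFILE=""\nBLACKLISTS=""\n' > "$dir/esmtpd-msa"
    # Left empty on purpose: port 465 then inherits the port 25 values.
    : > "$dir/esmtpd-ssl"
    printf '%s\n' "$dir"
}

d=$(make_sample_config) && { audit "$d"; rm -rf "$d"; }
```

With the sample files, the esmtpd-msa line shows both settings empty while the esmtpd-ssl line still carries the values from esmtpd, which is the difference between the two listeners raised in the thread.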
