> Matus UHLAR - fantomas writes:
>> So, with current "default" configuration, esmtpd-ssl behaves much
>> differently than esmtpd-msa and it takes more work for admins to maintain
>> those configs.
On 01.12.10 20:40, Sam Varshavchik wrote:
> Perhaps some historical context will clear this up.
>
> SMTP over SSL on port 465 was intended to be nothing more than SSL-ified
> port 25, and identically configured.
Yes, although I don't know who defined that (Microsoft probably).
However I haven't seen anyone using it from an MTA.
> MSA on port 587's purpose was to simplify the dual role of the same
> server both handling incoming mail, and acting as a smarthost for
> authorized clients. The idea behind port 587 is not to futz around with
> maintaining authorized RELAYCLIENT ranges for clients with relaying
> privileges. Drop all relaying privileges for port 25, that's your
> incoming mail, and have your clients use port 587, which simply requires
> authentication, and does not have to be configured with RELAYCLIENT
> ranges. Anything that goes to port 587 will require authentication, end
> of story.
Yes, and we use esmtpd-ssl the same way - the only difference is that it
uses SSL by default. We don't allow relaying and require authentication on
465. I have hardly compared all esmtpd* configs and modified esmtpd-ssl
config to get this result.
>> Currently, the esmtpd-msa.dist looks more like ssl'ed alternative of esmtpd
>
> No, it shouldn't.
>> (port 25) than MSA port with explicit SSL enabled. Do you want me to provide
>> patch(es) for .dist so it would look more like MSA with explicit SSL enabled
>> (for older version of M$ mail clients)?
>
> I'm not sure I follow you.
> The same startup script gets used for both esmtpd and esmtpd-msa:
...
> case `basename $0` in
...
> esmtpd-msa)
> configfiles="${sysconfdir}/esmtpd ${sysconfdir}/esmtpd-msa"
> . ${sysconfdir}/esmtpd
> . ${sysconfdir}/esmtpd-msa
...
> The separate esmtpd-ssl script just does:
>
> . ${sysconfdir}/esmtpd
+ . ${sysconfdir}/esmtpd-msa # use can more defaults from esmtpd-msa here.
> . ${sysconfdir}/esmtpd-ssl
>
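Review bot: the added `. ${sysconfdir}/esmtpd-msa` line sits between esmtpd and esmtpd-ssl, so every esmtpd-msa setting that esmtpd-ssl does not assign again is inherited on port 465 without any sign of it in esmtpd-ssl itself. Its trailing comment ("use can more defaults from esmtpd-msa here") should be reworded to state that ordering and which file wins. The esmtpd-msa case quoted above also lists both files in `configfiles`; if the esmtpd-ssl script keeps an equivalent list, esmtpd-msa needs adding there as well. Sourcing with `.` makes a non-interactive shell exit when the file is missing, so a `[ -f ... ]` guard is worth considering for installs that do not ship esmtpd-msa.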
> This seems to be correct to me, and rather straightforward. The esmtpd
> configuration file gives the default, stock setup for courieresmtpd.
> Then, the settings in esmtpd-msa config file override the settings in
> esmtpd, for port 587, and the settings in esmtpd-ssl override for port
> 465.
>
> I can kind of see why you want esmtpd-ssl and esmtpd-msa to use the same
> config, except for the encryption layer, however they serve slightly
> different purposes.
That's the question. Does anyone need esmtpd-ssl without authentication
required and with relaying by source IPs?
We for example don't, so we may safely source esmtpd-msa config in
esmtpd-ssl as shown above.
If anyone does, we can of course change settings in esmtpd-ssl (change them
to same values as esmtpd-msa) and add sections for ACCESSFILE, BLACKLISTS
(to disable them both) that are currently not there.
In both cases I'd recommend adding them to esmtpd.dist config (they may be
commented out so they don't override defaults from esmtpd).
> Note, that nothing prevents you from enabling STARTTLS on port 587, thus
> using port 587 for both non-encrypted and encrypted connections. A mail
> client that knows what to do with port 587 will also know how to use
> STARTTLS.
There are clients that don't support STARTTLS on a port different than 25 and
want either plaintext or SSL there by default. Outlook <2007 for example.
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Chernobyl was a Windows 95 beta test site.
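
The layering discussed in this message (esmtpd supplies defaults, later files override them) can be checked before a restart by sourcing the same files in the same order and reading back the effective values. The script below is an added example, not part of the original message and not Courier's own startup code. The sample files are constructed, and `AUTH_REQUIRED`, `SSLPORT` and the sample values are assumptions; `ACCESSFILE` and `BLACKLISTS` are the settings named in the thread.

```shell
#!/bin/sh
# Constructed sample layers, not Courier's shipped .dist files. AUTH_REQUIRED,
# SSLPORT and all values are assumptions; ACCESSFILE/BLACKLISTS come from the thread.
make_sample_layers() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'AUTH_REQUIRED=0' 'ACCESSFILE=/constructed/smtpaccess' \
        'BLACKLISTS="-block=dnsbl.example.invalid"' > "$d/esmtpd"
    printf '%s\n' 'AUTH_REQUIRED=1' 'ACCESSFILE=' 'BLACKLISTS=' > "$d/esmtpd-msa"
    printf '%s\n' 'SSLPORT=465' > "$d/esmtpd-ssl"
    printf '%s\n' "$d"
}

# effective_value VAR FILE...: source FILEs in order inside a subshell (later
# files override earlier ones, as the startup scripts do) and print VAR.
effective_value() {
    _var=$1; shift
    (
        for _f in "$@"; do
            [ -r "$_f" ] || { echo "missing layer: $_f" >&2; exit 2; }
            . "$_f"
        done
        eval "printf '%s\n' \"\${$_var}\""
    )
}

# audit_layers FILE...: print the settings the last layer ends up with and
# succeed only if the effective configuration requires authentication.
audit_layers() {
    auth=$(effective_value AUTH_REQUIRED "$@") || return 2
    for v in AUTH_REQUIRED ACCESSFILE BLACKLISTS; do
        printf '  %s=%s\n' "$v" "$(effective_value "$v" "$@")"
    done
    [ "$auth" = 1 ]
}

dir=$(make_sample_layers)
echo "esmtpd + esmtpd-ssl:"
audit_layers "$dir/esmtpd" "$dir/esmtpd-ssl" || echo "  -> auth not enforced"
echo "esmtpd + esmtpd-msa + esmtpd-ssl:"
audit_layers "$dir/esmtpd" "$dir/esmtpd-msa" "$dir/esmtpd-ssl" && echo "  -> auth enforced"
rm -rf "$dir"
```

Pointing `audit_layers` at the real files under `${sysconfdir}` shows what port 465 would inherit from each layer, including the access file and blacklist settings that esmtpd-ssl does not assign itself.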