Sam Varshavchik wrote on 02.04.2013 3:17:
> Alexei Yu. Batyr' writes:
>
>> Sam Varshavchik wrote on 31.03.2013 8:02:
>>> ...
>>> * Changed error handling when sending mail to mail servers that
>>> advertise that they can support encrypted SMTP, but fail to open an
>>> encrypted connection once Courier takes up their offer. Removed the
>>> /SECURITY=NONE option from esmtproutes. When sending mail to a server
>>> that advertises STARTTLS, but either subsequently rejects the STARTTLS
>>> request with an error message, or by dropping the connection, the mail
>>> is requeued, and the server's name is logged. Subsequent connection
>>> attempts to the same server, to resend this message or send any other
>>> message, will ignore the server's STARTTLS capability. This is logged
>>> in a rotating log file, that's erased after 2-4 hours, at which time
>>> the next connection attempt will once again attempt to use STARTTLS,
>>> and see what happens.
>>>
>>> * /SECURITY=REQUIRED replaces /SECURITY=NONE. If set, in esmtproutes,
>>> mail will not be sent to this mail server, without STARTTLS. Note,
>>> though, that this doesn't mean much, unless ESMTP_TLS_VERIFY_DOMAIN is
>>> set to 1 in courierd (together with the additional variables that are
>>> documented there), which will require remote mail servers to use valid
>>> certificates signed by a trusted CA root.
>>>
>> So, from this version on, I cannot maintain my STARTTLS-free SMTP
>> infrastructure (only explicit SSL on dedicated port). Would it be
>> possible to add some configure script parameter, e.g.
>> --smtp-starttls-disable, which will act as ": /SECURITY=NONE" in
>> esmtproutes and remove STARTTLS advertizing from ESMTP greeting
>> (250-XSECURITY=NONE instead of 250-XSECURITY=NONE,STARTTLS)? Or at least
>> leave /SECURITY=NONE as it was?
>
> Not exactly sure what you're looking for, but to disable TLS
> completely, you just need to remove the couriertls binary.
> This will prevent Courier from sending mail using STARTTLS,
> without having to diddle with esmtproutes,
> and will prevent Courier's esmtpd server from advertising STARTTLS.
> This is true now.

Removing couriertls will also disable STARTTLS for IMAP and POP, won't it? I'd like to do it only for SMTP service.