Sam Varshavchik wrote on 02.04.2013 3:17:
> Alexei Yu. Batyr' writes:
> 
>> Sam Varshavchik wrote on 31.03.2013 8:02:
>>> ...
>>> * Changed error handling when sending mail to mail servers that
>>> advertise that they can support encrypted SMTP, but fail to open an
>>> encrypted connection once Courier takes up their offer. Removed the
>>> /SECURITY=NONE option from esmtproutes. When sending mail to a server
>>> that advertises STARTTLS, but either subsequently rejects the STARTTLS
>>> request with an error message, or by dropping the connection, the mail
>>> is requeued, and the server's name is logged. Subsequent connection
>>> attempts to the same server, to resend this message or send any other
>>> message, will ignore the server's STARTTLS capability. This is logged
>>> in a rotating log file, that's erased after 2-4 hours, at which time
>>> the next connection attempt will once again attempt to use STARTTLS,
>>> and see what happens.
>>> 
>>> * /SECURITY=REQUIRED replaces /SECURITY=NONE. If set, in esmtproutes,
>>> mail will not be sent to this mail server, without STARTTLS. Note,
>>> though, that this doesn't mean much, unless ESMTP_TLS_VERIFY_DOMAIN is
>>> set to 1 in courierd (together with the additional variables that are
>>> documented there), which will require remote mail servers to use valid
>>> certificates signed by a trusted CA root.
>>> 
>> So, from this version on, I cannot maintain my STARTTLS-free SMTP
>> infrastructure (only explicit SSL on dedicated port). Would it be
>> possible to add some configure script parameter, e.g.
>> --smtp-starttls-disable, which will act as ":  /SECURITY=NONE" in
>> esmtproutes and remove STARTTLS advertising from ESMTP greeting
>> (250-XSECURITY=NONE instead of 250-XSECURITY=NONE,STARTTLS)? Or at least
>> leave /SECURITY=NONE as it was?
> 
> Not exactly sure what you're looking for, but to disable TLS
> completely, you just need to remove the couriertls binary. This will
> prevent Courier from sending mail using STARTTLS, without having to
> diddle with esmtproutes, and will prevent Courier's esmtpd server from
> advertising STARTTLS. This is true now.

Removing couriertls will also disable STARTTLS for IMAP and POP, won't 
it? I'd like to do it only for SMTP service.
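
The fallback behaviour described in the quoted release notes, modelled as an added example (this is not Courier's code and not part of the thread). The class and function names are hypothetical, the 2-hour, two-generation rotation is an assumed way to get the "2-4 hours" lifetime, and deferring mail under /SECURITY=REQUIRED while a host is in the log is an assumption drawn from the notes.

```python
import time

ROTATE_SECONDS = 2 * 60 * 60  # assumed period; two generations give a 2-4 hour lifetime


class StartTLSFailureLog:
    """Two-generation set of hosts whose STARTTLS offer recently failed."""

    def __init__(self, now=None):
        self.current, self.previous = set(), set()
        self.rotated_at = time.time() if now is None else now

    def _rotate(self, now):
        # Each elapsed period ages one generation out; after two, an entry is gone.
        while now - self.rotated_at >= ROTATE_SECONDS:
            self.previous, self.current = self.current, set()
            self.rotated_at += ROTATE_SECONDS

    def record_failure(self, host, now):
        self._rotate(now)
        self.current.add(host.lower())

    def recently_failed(self, host, now):
        self._rotate(now)
        return host.lower() in self.current | self.previous


def plan_delivery(log, host, advertises_starttls, security_required, now):
    """Return 'starttls', 'plaintext' or 'defer' for one connection attempt."""
    # A logged host has its STARTTLS capability ignored until the entry expires.
    usable = advertises_starttls and not log.recently_failed(host, now)
    if usable:
        return "starttls"
    # Without usable STARTTLS, a REQUIRED route never falls back to plaintext.
    return "defer" if security_required else "plaintext"


def on_starttls_failure(log, host, now):
    """STARTTLS was rejected or the connection dropped: log the host, requeue."""
    log.record_failure(host, now)
    return "requeue"
```

The plaintext branch is the one to watch in logs: without /SECURITY=REQUIRED, a host that fails STARTTLS once receives unencrypted mail until its entry expires.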

