I just set up a new server and I can't for the life of me remember,
or find, how to disable SSL on port 25 for general incoming mail?
Some lame govt mailservers are still using SSL23...
SSL23_GET_SERVER_HELLO:tlsv1 alert decode error
and rather than whitelist them I'm sure I used to just disable SSL
via /etc/courier/esmtpd altogether (currently using v0.68.2)...
~ egrep -v "^(#|$)" /etc/courier/esmtpd
PATH=/usr/bin:/bin:/usr/bin:/usr/local/bin
SHELL=/bin/bash
ULIMIT=32768
BOFHCHECKDNS=1
BOFHNOEXPN=1
BOFHNOVRFY=1
TARPIT=1
NOADDMSGID=1
NOADDDATE=1
ESMTP_LOG_DIALOG=0
AUTH_REQUIRED=0
COURIERTLS=/usr/bin/couriertls
TLS_KX_LIST=ALL
TLS_COMPRESSION=ALL
TLS_CERTS=X509
TLS_CERTFILE=/etc/courier/esmtpd.pem
TLS_TRUSTCERTS=/etc/ssl/certs
TLS_VERIFYPEER=NONE
MAILUSER=daemon
MAILGROUP=daemon
BLACKLISTS="-block=zen.spamhaus.org,BLOCK -block=cbl.abuseat.org,BLOCK"
DROP="-drop"
ACCESSFILE=${sysconfdir}/smtpaccess
MAXDAEMONS=40
MAXPERC=5
MAXPERIP=5
PIDFILE=/var/run/courier/esmtpd.pid
TCPDOPTS="-stderrlogger=/usr/sbin/courierlogger -nodnslookup -noidentlookup"
ESMTPAUTH="LOGIN PLAIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
ESMTPAUTH_WEBADMIN="LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
ESMTPAUTH_TLS=""
ESMTPAUTH_TLS_WEBADMIN="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
ESMTPDSTART=YES
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
