Phil Pennock wrote: > On 2008-01-13 at 15:40 -0800, chuckee wrote: >> I want to have Exim open on port 80 on my server (say, myserver.com), >> however I also have a website that needs to be visible (on port 80), at >> least on www.myserver.com and also myserver.com if possible. >> >> I need Exim open on port 80 because many of my users are accessing Exim from >> networks where port 80 is the only port that is open (e.g. airports). >> >> What would be the best way to do this? I don't want to have to have >> port80.myserver.com as the server. > > Quite aside from the policy and other issues raised, technically you > can't reliably do this. > > In HTTP the client sends first and an SMTP banner would be quite bad > unexpected data. In SMTP, the server sends first, sending a banner, so > the client waits until it sees something from the server. > > If SMTP clients sent first then you might have been able to do a clever > protocol analysis hack in the web-server to pass things off to Exim, but > they don't and so you can't. >
Though I agree (from actual testing) that use of port 80 is a bad idea, for smtp - the above does not apply in practice. The MTA and the MUA both still 'know' they are using smtp protocol, (indeed - have scant choice...) so whatever an httpd or browser would do is not relevant to getting a working session established on whatever choice of ports one chooses. It is not even a strict requirement that one edits /etc/services UNLESS relying on inetd. Not with Exim as MTA and either Mozilla suite or SeaMonkey suite or Opera suite as MUA anyway - and all three of those are also browsers, but 'confusethed not' the relevant protocols (did make cert installation easier, though). > The only other technical approaches would involve things like HTTP > CONNECT and running special client software to set this up. > > If you have to provide service to people in such draconian environments > and you're sure that you won't be an accessory to anything like managing > to leak customer data out of a corporation, then you'd be better off > looking to the future, when you need a second service outbound, and > instead use SSH on port 80 with a port-forwarding service and use the > existing SSH tunnelling tools which already exist. > > -Phil > > That works. And with 'stunnel' is easily left up with an abitrary port at *either* end. Used for years before some of our client's Win-based MUA were SSL/TLS capable. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
