----- Original Message ----- From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, November 25, 2003 8:16 AM Subject: Re: [IMail Forum] SSL in SMTP
> > > I have watched in > > <http://www.stunnel.org/examples/>http://www.stunnel.org/examples/ but > > there is no example with smtp. > > That I must make to form the Server of Imail v8.04 so that protocol > > smtp is with SSL? > > You would want to have stunnel listen on port 465, and connect to 127.0.0.1 > port 25. > > Note that there are some problems with this that you may need to deal > with. For example, spammers may now have free access to your server (if > you use "Relay for Addresses", IMail always allows 127.0.0.1 to relay mail > -- and that is the IP it will see; I'm not sure if "No Mail Relay" allows > 127.0.0.1 to relay mail or not). Relaying isn't an issue if properly configured. Use the "local" parameter in stunnel.conf and point it to an "unused" IP on the box. Exclude that IP from imail's "relay for addresses" and the relay issues go away, ie with: [smtp] local = 192.168.1.12 accept = 192.168.1.10:465 connect = 25 in stunnel.conf, imail will see all stunnel traffic as coming from 192.168.1.12. As long as 192.168.1.12 is not in the relay for addresses range, then imail will deny relay, require AUTH, etc - assuming the relay settings are otherwise sound. > And, if you expect others to communicate > via SSL, you may need to get IMail to include STARTTLS in the ESMTP command > list, which may not be possible. And remember that most mailservers do not > use SSL in any way. Stunnel in theory can handle the starttls negotiation, but I've never tried - requiring clients to go straight to SSL. The primary purpose (for me) is to obsucre the SMTP/POP AUTH passwords, with a side benefit of keeping the internal stuff at least a little more private. Jerry To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
