Bradey Honsinger wrote:
> I'm not currently blocking normal POP3 connections, but as I understand
> it you use tcpserver to only accept pop3 traffic from localhost (which
> limits it to accepting connections forwarded from the s-pop3 port to the
> pop3 port using stunnel), in much the same way you configure qmail-smtpd
> to only relay mail from specific IPs.

Yeah, I think this is what I'll end up doing too. I have a test setup with
it and it works pretty well. The only downside to this that I can see is
that using stunnel in daemon mode I don't get concurrency limits or any of
the other tcpserver benefits for the initial ssl connections. I could run
stunnel out of xinetd I suppose but then I wouldn't get the ssl caching
hoo-ha that stunnel can do.

So what's the general thought on just adding TLS/SSL support to tcpserver,
is that outside of the ucspi-tcp model, better left up to a separate
program, or something that would be nice but just hasn't been done yet?

--
Jamie Heilman http://wcug.wwu.edu/~jamie/
"We must be born with an intuition of mortality. Before we know the words
for it, before we know there are words, out we come bloodied and squalling
with the knowledge that for all the compasses in the world, there's only
direction, and time is its only measure." -Rosencrantz