On Mon, Oct 23, 2000 at 04:58:05PM -0500, David Dyer-Bennet wrote:
> Andrzej <[EMAIL PROTECTED]> writes on 23 October 2000 at 13:59:20 +0200
> > On Sun, Oct 22, 2000 at 04:59:52PM -0400, Hubbard, David wrote:
> > > You can use stunnel to encapsulate qmail-pop3d within SSL.
> >
> > [...]
> >
> > stunnel and other SSL wrappers work great, but then qmail sees all
> > connections incoming from localhost. It's not possible to use the "POP3
> > before SMTP" relay controls any more.
>
> Am I missing something here, or will allowing relaying from localhost
> solve the problem? Assuming you want to allow relaying for anybody
> allowed to establish an ssl connect to do pop, anyway.
The problem is that when using SSL-SMTP, every connection looks like it's
coming from localhost, so your relay control is gone.
The best you can do is control who you want connecting to the SSL port.
I think that the reason the author recommends running thru inetd (I use
tcpserver myself) is that he doesn't consider the program secure enough to
run as root.
--Adam
--
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA | connected to a bunch of other wires."
38B0 05D0 8BF7 2C6D 110A | Joe Rogan, _NewsRadio_
6:17pm up 135 days, 15:33, 10 users, load average: 0.04, 0.02, 0.00
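
An added example, not part of the original message: a simplified model of address-prefix access rules showing why an SSL wrapper in front of the SMTP daemon erases per-address relay control, and how rules on the SSL port restore it. The rule sets, addresses (documentation ranges) and function names are constructed for illustration, and only IP-prefix rules are modelled.

```python
LOOPBACK = "127.0.0.1"

# Constructed rule sets: address prefix -> (allow connection, allow relaying).
# "" is the default rule; every rule set here has one.
SMTP_RULES = {"127.": (True, True), "192.0.2.": (True, True), "": (True, False)}
OPEN_SSL_PORT = {"": (True, True)}                               # wrapper accepts anyone
SSL_PORT_RULES = {"192.0.2.": (True, True), "": (False, False)}  # wrapper is restricted


def match_rule(rules, ip):
    """Exact address first, then ever shorter dotted prefixes, then the default."""
    if ip in rules:
        return rules[ip]
    parts = ip.split(".")
    for n in range(len(parts) - 1, 0, -1):
        prefix = ".".join(parts[:n]) + "."
        if prefix in rules:
            return rules[prefix]
    return rules[""]


def decide(peer_ip, via_wrapper=False, ssl_port_rules=OPEN_SSL_PORT):
    """Return 'refused', 'relay' or 'local-only' for one incoming connection."""
    if via_wrapper:
        # Only the wrapper ever sees the real peer address, so this is the
        # one place where per-client control is still possible.
        allowed, _ = match_rule(ssl_port_rules, peer_ip)
        if not allowed:
            return "refused"
        seen_ip = LOOPBACK  # the SMTP daemon sees the wrapper, not the client
    else:
        seen_ip = peer_ip
    allowed, relay = match_rule(SMTP_RULES, seen_ip)
    if not allowed:
        return "refused"
    return "relay" if relay else "local-only"


if __name__ == "__main__":
    for label, kwargs in [
        ("direct", {}),
        ("via open wrapper", {"via_wrapper": True}),
        ("via restricted wrapper", {"via_wrapper": True, "ssl_port_rules": SSL_PORT_RULES}),
    ]:
        for ip in ("192.0.2.10", "203.0.113.9"):
            print(f"{label:24} {ip:13} -> {decide(ip, **kwargs)}")
```
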