Some older clients (Outlook'03 comes to mind) don't do TLS, so I think
there should be an option. That being said, I think it'd be good if the
'stock' QMT has the option enabled (require TLS).
--
-Eric 'shubes'
On 02/03/2011 01:12 PM, Jean-Paul van de Plasse wrote:
I did not include the FORCE_TLS patch when doing the submission patches.
Can not remember anymore why, it is to long ago..
Quick google returns a simple solution, that always requires tls for
authentication
Maybe it is nicer to have this optional with the FORCE_TLS, but that
should not be too difficult either.
void smtp_auth(arg)
char*arg;
{
+ if (!ssl)
+ {
+ out("538 auth not available without TLS (#5.3.3)\r\n");
+ return;
+ }
int i;
char*cmd= arg;
http://notes.sagredo.eu/node/84
JP
On Feb 3, 2011, at 20:54 , Eric Shubert wrote:
I'd be very careful with this one, CJ.
You need to keep 25 open for incoming (inter-domain) mail. ;)
If QMT doesn't have the patch for the FORCE_TLS option, it'd be nice
if it did. This is something I'd also like to see on the submission
instance of qmail-smtp.
Can you round up that patch? If you can give it a try, that'd be
great. If not, please post here where to get it so someone (hopefully
other than Jake) can give it a shot to see if it clashes with any
other patches we're using.
--
-Eric 'shubes'
On 02/03/2011 12:42 PM, Cecil Yother, Jr. wrote:
You could block port 25 in your iptables
On 02/03/2011 11:20 AM, Jeremy Utley wrote:
Hello everyone!
We're using a toaster installation for our primary mail server at my
company, and over the last few weeks we've been working on configuring
everyone's mail clients to use SSL for sending& receiving e-mail.
Now that we have everyone converted over to use of SSL, we'd like to
stop all non-SSL access. For imap and pop3, it was quite simple, I
simply disabled the imap4 and pop3 run scripts in
/var/qmail/supervise. However, for SMTP, I haven't had much luck yet.
We'd like to force the submission port 587 to require TLS and
SMTP-Auth before a message is sent out., while leaving SMTP port 25
un-modified. I had read on another qmail site that you could do this
by use of a FORCE_TLS=1 variable in the run script, but that did not
work, so I suspect that this patch is not in the toaster packages (and
running strings against /var/qmail/bin/qmail-smtpd seems to bear that
out). Is there any way with the toaster to enforce TLS usage, and
reject any mail that's not TLS. We'd like to stick with TLS so we
don't have to reconfigure everyone's mail clients for SMTPS, which is
deprecated at any rate.
Thanks for any help you all can give!
Jeremy
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com <http://www.vickersconsulting.com>)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com <http://qmailtoaster.com> for the
latest news, updates, and packages.
To unsubscribe, e-mail:
[email protected]
<mailto:[email protected]>
For additional commands, e-mail:
[email protected]
<mailto:[email protected]>
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com <http://www.vickersconsulting.com>)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com <http://qmailtoaster.com> for the latest
news, updates, and packages.
To unsubscribe, e-mail: [email protected]
<mailto:[email protected]>
For additional commands, e-mail:
[email protected]
<mailto:[email protected]>
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
