Michael Holzt wrote:
I'm currently trying to hack TLS support for qpsmtpd. The idea is to use IO::Socket::TLS. I implemented a new starttls command, my current code is:
Why not use an stunnel proxy?
Because ultimately qpsmtpd should be a full-featured MTA, and a full-featured MTA supports TLS natively. That's why.
Regards, Michael
When opening on port 25, not secure, the MTA advertises STARTTLS capability, then optionally the client says STARTTLS, then the MTA converts the socket on 25 to TLS. No way for tunnel, that's a different protocol, not on port 25 like STARTTLS is for mail. Other protocols such as LDAP can also do STARTTLS (convert a non-secure socket to TLS mode).
-Bob Dodds
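
The exchange described in this thread, as an added example that is not part of the original posts and is not qpsmtpd code: a minimal server-side session state machine showing the checks a native STARTTLS command needs around the socket upgrade (per RFC 3207). The TLS handshake is abstracted to a flag, and the class name, hostname, and reply texts are assumptions.

```python
# Added example: server-side STARTTLS command handling (RFC 3207 rules).
# SmtpSession and its reply strings are hypothetical; the handshake is a flag.

class SmtpSession:
    def __init__(self, hostname="mx.example.test"):
        self.hostname = hostname
        self.tls = False      # True once the port-25 socket has been upgraded
        self.helo = None      # EHLO argument seen in the current phase
        self.pending = b""    # bytes received but not yet parsed

    def feed(self, data):
        """Consume client bytes and return one reply string per command."""
        self.pending += data
        replies = []
        while b"\r\n" in self.pending:
            line, self.pending = self.pending.split(b"\r\n", 1)
            replies.append(self._command(line.decode("ascii", "replace")))
        return replies

    def _command(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            self.helo = arg
            caps = [self.hostname, "PIPELINING"]
            if not self.tls:
                caps.append("STARTTLS")   # must not be offered again inside TLS
            last = len(caps) - 1
            return "\r\n".join(
                ("250 " if i == last else "250-") + c for i, c in enumerate(caps))
        if verb == "STARTTLS":
            if arg:
                return "501 Syntax error (no parameters allowed)"
            if self.tls:
                return "503 TLS already active"
            # Anything the client pipelined after STARTTLS arrived in
            # plaintext; drop it so it is never processed as if encrypted.
            self.pending = b""
            # Forget pre-TLS state: the client must send EHLO again.
            self.helo = None
            self.tls = True   # a real server runs the handshake after the 220
            return "220 Ready to start TLS"
        if verb == "MAIL":
            if self.helo is None:
                return "503 Send EHLO first"
            return "250 OK"
        return "500 Command not recognized"
```
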
