Hi Bob!
> When opening on port 25, not secure, the MTA advertises
> STARTTLS capability, then optionally the client says
> STARTTLS, then the MTA converts the socket on 25 to TLS.
> No way for tunnel, 
[...]

We already had that. stunnel is kind of intelligent and knows about the
SMTP, POP3 and NNTP protocols and will handle that. But this adds another
layer into the protocol, making the whole setup more complicated.

I recently had a case with a virus scanner which also spoke SMTP and
transparently modified outgoing SMTP connections (by intercepting the data
exchange!). It broke mail delivery, and we were searching for hours until we
found out the reason. Therefore I strongly advise against such solutions.

Regards
Michael

-- 
      It's an insane world, but i'm proud to be a part of it. -- Bill Hicks
