By the way, while it is possible, I think the likelihood of spammers going to the effort to retrieve packets to use your server for spamming is extremely low. I have never heard of anyone going to the effort to sniff packets simply to spam on commercial servers - none of the big commercial servers use SSL for regular email transactions - Comcast, SBC, and so on - and they have a lot more at risk than most of us. Also, it is a potentially pretty big bust these days since once they use an ill-gained password they have stepped over the law, so if they manage to cause damage with it they might be tracked down like dogs (with your help, of course!)
Lastly, SSL is not very efficient since it takes time to encrypt and then decrypt. Personally I would only use it for transactions that are required to be secure, not for daily emailing. Anyway, if you still want to use it, I would try updating your openssl either to the newest version or to 0.9.7e (which I know works on my system). Jeff Ross Gohlke wrote: >Alas, I'm on FreeBSD! Is there Linux stunnel? > >PGP would protect the mail itself, but is a separate issue from securing >SMTP Auth, no? What I'm trying to do right now is protect the ACCOUNT >INFORMATION. > >Even if it's unlikely that someone would sniff my users' packets, what's >to stop a spammer from snagging random SMTP username/pass of the Net and >using that server to send spam? I'm just trying to be consistent. > >For anyone running a commercial service for users, such issues must be >considered. > >Thanks for all the feedback. > > > >>But well, it might work - give it a try Ross. >> >> > > >ross > > > > > >- >To unsubscribe from this list: send the line "unsubscribe xmail" in >the body of a message to [EMAIL PROTECTED] >For general help: send the line "help" in the body of a message to >[EMAIL PROTECTED] > > > > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
