Jeff Buehler wrote: > By the way, while it is possible, I think the likelihood of spammers going to the effort to retrieve packets to use your server for spamming is extremely low. I have never heard of anyone going to the effort to sniff packets simply to spam on commercial servers - none of the big commercial servers use SSL for regular email transactions - Comcast, SBC, and so on - and they have a lot more at risk than most of us. Also, it is a potentially pretty big bust these days since once they use
> an ill-gained password they have stepped over the law, so if they manage > to cause damage with it they might be tracked down like dogs (with your help, of course!) It's hard to find the balance between paranoid and exposed... > Lastly, SSL is not very efficient since it takes time to encrypt and then decrypt. Personally I would only use it for transactions that are required to be secure, not for daily emailing. So if SSL is used, does it encrypt the ENTIRE MESSAGE, not just authentication? Does it hog the processor or just make the user wait? For how long? 5 or 50 extra seconds on an average email? What about attachments? Encrypted email is definitely a service I want to offer. I think the stakes for email are only going to get higher, especially if SPF or similar takes hold. ISPs will have to get increasingly vigilant about how they do email. Here's a googled list of clients that support SSL. http://www.uni.edu/its/us/document/unimail/ssl/ > Anyway, if you still want to use it, I would try updating your openssl either to the newest version or to 0.9.7e (which I know works on my system). Should I just download the patch from the same place in your website? - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
