Re: OT: No route to host

From: /dev/rob0 (rob0gmx.co.uk)
Date: Mon Sep 04 2006 - 12:31:32 CDT


On Monday 04 September 2006 12:11, Sandy Drobic wrote:
> >> Why? 465 is the older SSL port, have you perhaps mistaken it for
> >> the submission port 587?
> >
> > No, I know what SMTPS is, and yes, it should be configured like a
> > submission port. At least mine are.
>
> That was the point I was trying to point at. This is your
> configuration, but it is not necessarily the usual requirement.
>
> You might as well say TLS encryption is only meant for authenticated
> users. While it makes sense to encrypt any email submission with
> plain text authentication, TLS was also meant for unauthenticated
> mail submission. There is not much difference between TLS and SSL, so
> why offer SSL only for authenticated users?

It wouldn't matter because TTBOMK (I hope someone will correct me if
wrong) no MTA will use any port other than 25 for mail exchange with
other hosts, unless of course overridden by a non-default transport(5)
(or equivalent). SMTPS was only intended for submission.

> I was just trying to find what the basic master.cf from the default
> installation contains, but I don't seem to have a copy of it. My

Checking my source/conf/master.cf :

#submission inet n - n - - smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - n - - smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

Mine has smtpd_sasl_auth_enable=yes already set, and I think my
"smtpd_tls_auth_only = yes" negates the need for "smtpd_enforce_tls =
yes". (I don't care about forcing $mynetworks to use TLS.)
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header