From owner-freebsd-isp  Thu Jan 20 14:44:24 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from bofh.ops.uunet.co.za (bofh.ops.uunet.co.za [196.31.1.35])
	by hub.freebsd.org (Postfix) with ESMTP id BDB8214E49
	for <freebsd-isp@FreeBSD.ORG>; Thu, 20 Jan 2000 14:44:21 -0800 (PST)
	(envelope-from khetan@uunet.co.za)
Received: by bofh.ops.uunet.co.za (Postfix, from userid 1000)
	id 2C88A5BBD; Fri, 21 Jan 2000 00:44:11 +0200 (SAST)
Received: from localhost (localhost [127.0.0.1])
	by bofh.ops.uunet.co.za (Postfix) with ESMTP
	id 173871EBC; Fri, 21 Jan 2000 00:44:11 +0200 (SAST)
Date: Fri, 21 Jan 2000 00:44:11 +0200 (SAST)
From: Khetan Gajjar <khetan@freebsd.os.org.za>
X-Sender: khetan@bofh.ops.uunet.co.za
To: =?ISO-8859-1?Q?Josu=E9_Jos=E9_Souza_Jr=2E?= <josue@nexos.com.br>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: SMTP/SSL
In-Reply-To: <Pine.BSF.4.05.10001190910030.37845-100000@genipabu.nexos.com.br>
Message-ID: <Pine.BSF.4.21.0001210042010.44684-100000@bofh.ops.uunet.co.za>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: 8BIT
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Around Wednesday, "Josué José Souza Jr." wrote :

JJSJ>  My question is if there is a way to configure sendmail to support SSL or
JJSJ>  if stunnel can detect clients intention to use or not SSL and then act
JJSJ>  just passing the message foward to sendmail (client not using SSL) or do
JJSJ>  it's regular job adding SSL before passing it to sendmail.

Using stunnel is relatively dangerous for forwarding SMTP
transactions. The problem is that stunnel will report to 
sendmail that there is a connection from localhost (not a
biggie because you should be recording stunnel output),
and will therefore apply anti-spam/UCE/relay rules as if
the mail sender was on the machine (which usually means
allow everything/anywhere).

It's best to SSL support _built-in_ to the mailer,
rather than use hacks like stunnel (which I use with
great pleasure for IMAP and POP3).

Khetan Gajjar.
---
khetan@uunet.co.za	* khetan@os.org.za        * PGP Key, contact
UUNET South Africa	* FreeBSD enthusiast      * details and other
http://www.uunet.co.za	* http://www.freebsd.org  * information at
System Administration   * http://office.os.org.za * kg+details@uunet.co.za



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message