From owner-freebsd-isp  Fri Jan 21  3: 3:30 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194])
	by hub.freebsd.org (Postfix) with ESMTP id F060615464
	for <freebsd-isp@freebsd.org>; Fri, 21 Jan 2000 03:03:25 -0800 (PST)
	(envelope-from nbm@sunesi.net)
Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1)
	id 12BboF-000KN8-00; Fri, 21 Jan 2000 13:00:55 +0200
Date: Fri, 21 Jan 2000 13:00:55 +0200
From: Neil Blakey-Milner <nbm@mithrandr.moria.org>
To: Khetan Gajjar <khetan@freebsd.os.org.za>
Cc: =?iso-8859-1?Q?Josu=E9_Jos=E9_Souza_Jr=2E?= <josue@nexos.com.br>,
	freebsd-isp@FreeBSD.ORG
Subject: Re: SMTP/SSL
Message-ID: <20000121130055.D77623@mithrandr.moria.org>
References: <Pine.BSF.4.05.10001190910030.37845-100000@genipabu.nexos.com.br> <Pine.BSF.4.21.0001210042010.44684-100000@bofh.ops.uunet.co.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre2i
In-Reply-To: <Pine.BSF.4.21.0001210042010.44684-100000@bofh.ops.uunet.co.za>
Organization: Rhodes University Computer Users' Society
X-Operating-System: FreeBSD 3.3-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri 2000-01-21 (00:44), Khetan Gajjar wrote:
> JJSJ>  My question is if there is a way to configure sendmail to support SSL or
> JJSJ>  if stunnel can detect clients intention to use or not SSL and then act
> JJSJ>  just passing the message foward to sendmail (client not using SSL) or do
> JJSJ>  it's regular job adding SSL before passing it to sendmail.
> 
> Using stunnel is relatively dangerous for forwarding SMTP
> transactions. The problem is that stunnel will report to 
> sendmail that there is a connection from localhost (not a
> biggie because you should be recording stunnel output),
> and will therefore apply anti-spam/UCE/relay rules as if
> the mail sender was on the machine (which usually means
> allow everything/anywhere).

Oh, before I forget, if you're using qmail, this isn't a problem
- just use tcpserver (or tcp-env in inetd) as usual and it'll deal
with getting the connection information for you.  In some ways, I
wish more software worked like this.

Neil
-- 
Neil Blakey-Milner
nbm@rucus.ru.ac.za


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message