[Mimedefang] Skipping SA on TLSMTA connections?

Jan-Pieter Cornet johnpc at xs4all.nl
Thu Nov 23 18:59:04 EST 2006


On Thu, Nov 23, 2006 at 03:32:49PM -0700, Philip Prindeville wrote:
> This is on FC5. Quoting:
> 
[...]
> dnl # The following causes sendmail to additionally listen to port 465, but
> dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
> dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
> dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
> dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
> dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
> dnl #
> dnl # For this to work your OpenSSL certificates must be configured.
> dnl #
> dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

[...]

> Ok, so I'll 'dnl' the:
> 
> dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
> 
> back, and un-dnl the:
> 
> DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
> 
> and see what happens.

Well, if you have clients that depend on port 465 being enabled,
they will complain :)

Also, I have to retract some of my words. I incorrectly assumed that
TLS would always start cleartext, until the STARTTLS command (as explained
in the comments above), but apparently a TLS connection can start encrypted,
so TLSMTA isn't that wrong after all. (See Wikipedia on "Transaction
Level Security").

But it's not standard; I think Red Hat/Fedora made up the "TLSMTA" name.

[...configuration issues...]
 
> Yes! People that want to do additional scripting should be able
> to, but for most, simply configured knobs and dials should be
> adequate.
> 
> If we want people to eradicate spam, MdF needs to be made more
> accessible to the unwashed masses.
> 
> Not convinced that better integration of SA and MdF settings is a
> bad thing, but I do agree that getting internal_networks right is
> something a lot of people seem to botch up.

I'm not convinced MIMEDefang is the ideal spam eradication product
for the unwashed masses.

-- 
Jan-Pieter Cornet <johnpc at xs4all.nl>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs.  !!


