ssl/tls relaying (was Re: [PLUG] Any cyrus imap/sasl experts among us?)

Paul Heinlein heinlein at madboa.com
Thu May 20 21:57:02 UTC 2004


On Thu, 20 May 2004, Steve Beattie wrote:

> Wil, do you want to clarify what you mean here? By ssl, I'm assuming 
> you're referring to starttls, no?

I believe Wil was saying that if you have an open relay on port 465, 
albeit one that demands SSL crypto, that sooner or later the spammers 
will figure out how to take advantage of it.

> I do relaying with postfix based on starttls (check the headers on 
> this message), but I disbelieve that mail.nxnw.org is ripe for relay 
> abuse, as it only allows a particular public key to relay through 
> it, that postfix on the client end uses to authenticate itself. Is 
> there some flaw in this strategy that I'm overlooking?

No, that's a pretty good scheme. I use it on my local net, but 
off-site hosts can only relay using smtp/auth.

> Granted, I have *no idea* how to get windows clients to present a 
> tls certificate when doing smtp -- but that's not a problem I have 
> to solve :-).

They can use stunnel...

-- Paul Heinlein <heinlein at madboa.com>
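
Added example, not part of the original message or of either poster's actual configuration: a Postfix sketch of the scheme discussed above, in which TLS by itself never grants relay and only an allow-listed client certificate fingerprint, an SMTP AUTH login or the local network does. Host names, file paths and the fingerprint are placeholders; the parameter names are those of current Postfix (2.10 or later), not of the 2004 setups in the thread.

```conf
# ---- relay server: /etc/postfix/main.cf --------------------------------
# TLS encrypts the session; it authorizes nobody on its own.
# (paths below are assumed, adjust to the local layout)
smtpd_tls_cert_file = /etc/postfix/tls/relay.example.org.pem
smtpd_tls_key_file = /etc/postfix/tls/relay.example.org.key
smtpd_tls_security_level = may

# Ask connecting clients for a certificate and match it by fingerprint.
smtpd_tls_ask_ccert = yes
smtpd_tls_fingerprint_digest = sha256
relay_clientcerts = hash:/etc/postfix/relay_clientcerts

# Off-site hosts without an allow-listed certificate fall back to SMTP AUTH.
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes

# Relay policy. The final reject_unauth_destination is what keeps an
# encrypted listener from being an open relay: a session that matched
# none of the permit_* rules may only deliver to local destinations.
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_tls_clientcerts,
    permit_sasl_authenticated,
    reject_unauth_destination

# WEAK, shown for contrast only: relays for anyone who completes a TLS
# handshake, which is the "open relay that demands SSL" case.
#smtpd_relay_restrictions = permit

# ---- relay server: /etc/postfix/relay_clientcerts ----------------------
# One line per allowed client: <fingerprint> <free-form label>.
# Obtain the fingerprint on the client with:
#   openssl x509 -noout -fingerprint -sha256 -in client.pem
# Placeholder value, replace with the real fingerprint, then run
#   postmap /etc/postfix/relay_clientcerts
#<SHA256-FINGERPRINT-OF-CLIENT-CERT> laptop.example.org

# ---- relaying client: /etc/postfix/main.cf -----------------------------
# The client presents its certificate during STARTTLS and refuses to
# send if the session cannot be encrypted.
relayhost = [relay.example.org]:587
smtp_tls_cert_file = /etc/postfix/tls/client.pem
smtp_tls_key_file = /etc/postfix/tls/client.key
smtp_tls_security_level = encrypt
```

Comments sit on their own lines because Postfix does not strip trailing comments from a parameter value. An outside relay test against the listener should end in "Relay access denied" for any session that presented neither an allow-listed certificate nor valid credentials.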