Sam Varshavchik wrote:
> Paweł Tęcza writes:
> 
>> Hello People,
>> 
>> Is it possible to force authenticated SMTP relaying only via SSL/TLS?
>> 
>> We need to protect the passwords of our users strongly, so they should 
>> use secure connection (via SSL) to ESMTP/POP3/IMAP servers. But how can 
>> we force the users to use STARTTLS for "normal" ESMTP server which 
>> listens on port 25? STARTTLS is only option here, so some users can 
>> bypass our security policy.
> 
> You can make it a mandatory setting only if it's a dedicated server, by 
> setting ESMTP_TLS_REQUIRED. You can't do that if you share the same server 
> for incoming mail, and smarthosted mail for your clients.

Hi Sam,

Thanks a lot for your reply! I have that server, but I'm afraid that
ESMTP_TLS_REQUIRED setting is too restrictive for me, because I'm not
quite sure that all clients support TLS.

> An option that may work for you is to remove the ESMTPAUTH setting, and put 
> it into ESMTPAUTH_TLS. Courier will advertise no support for authentication 
> in non-encrypted connections, and will advertise AUTH support only after 
> STARTTLS. This setting only turns off the advertisement for AUTH support. 

I like that option, so I choose it :)

> Clients are not supposed to authenticate unless the server advertises this 
> capability, however it's possible that buggy clients will blindly try to 
> authenticate even if the server doesn't advertise AUTH support.

But all clients, buggy and not, will not send a message via my server if
they try to use non-encrypted connections. Then they should see an error
message like "513 Relaying denied.". Right?

My best regards,

Pawel
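
An added example, not part of the original thread or of Courier itself: a small check that the ESMTPAUTH / ESMTPAUTH_TLS split discussed above behaves as intended, by comparing the EHLO reply before STARTTLS with the one after it. The transcripts and the host name mail.example.test are constructed samples; as noted in the thread, this verifies only what the server advertises, not what it accepts.

```python
# Added example: audit EHLO capability lists captured before and after STARTTLS.
# All transcripts below are constructed samples, not output from a real server.

def parse_ehlo(reply):
    """Map each EHLO keyword (upper-cased) to its list of parameters."""
    caps = {}
    for line in reply.splitlines()[1:]:        # first line is the greeting
        if len(line) < 4 or not line.startswith("250"):
            continue
        # "250-AUTH LOGIN PLAIN" and the legacy "250-AUTH=LOGIN PLAIN" form
        words = line[4:].replace("=", " ").split()
        if words:
            caps.setdefault(words[0].upper(), []).extend(
                w.upper() for w in words[1:])
    return caps

def audit(plain_reply, tls_reply):
    """Return a list of findings; an empty list means the policy holds."""
    plain, tls = parse_ehlo(plain_reply), parse_ehlo(tls_reply)
    findings = []
    if "STARTTLS" not in plain:
        findings.append("STARTTLS is not offered on the cleartext connection")
    if "AUTH" in plain:
        findings.append("AUTH advertised before STARTTLS: "
                        + " ".join(plain["AUTH"]))
    if "AUTH" not in tls:
        findings.append("AUTH is not advertised after STARTTLS")
    return findings

# Constructed: AUTH mechanisms listed only in ESMTPAUTH_TLS (intended setup).
BEFORE_TLS = "250-mail.example.test Ok.\n250-STARTTLS\n250-PIPELINING\n250 8BITMIME"
AFTER_TLS = "250-mail.example.test Ok.\n250-AUTH LOGIN PLAIN\n250-PIPELINING\n250 8BITMIME"
# Constructed: mechanisms still listed in ESMTPAUTH (password can go in clear).
MISCONFIGURED = ("250-mail.example.test Ok.\n250-STARTTLS\n"
                 "250-AUTH LOGIN PLAIN\n250 8BITMIME")

if __name__ == "__main__":
    for name, before in (("intended", BEFORE_TLS), ("misconfigured", MISCONFIGURED)):
        result = audit(before, AFTER_TLS)
        print(name, "->", result or "OK")
```
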



_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
