Chad Morland wrote:
>
> I am not a complete expert on STARTTLS but I have recently
> investigated it for a project that I was doing. If I am wrong in any of my
> following points someone please correct me.
>
> Firstly, STARTTLS will not encrypt your entire SMTP connection, just the
> AUTH info. If you want your actual email to be encrypted your users would
> have to use pgp or something along those lines. Really all you are worried
> about is your SMTP auth info. Any further security from that should be with
> the client.

This is bullshit. STARTTLS will encrypt the entire SMTP session after it,
not just SMTP AUTH.

I don't know where you've got your stuff from. Apparently you haven't
even looked at the RFC nor the source code of qmail-ldap or sendwhale.

-- 
Andre

> Secondly, I am not sure why the email client is trying to connect on port
> 465, it should still connect to port 25. From there your client should see
> that STARTTLS is available and use it if you have specified that option in
> your settings.
>
> Hope that helps a little.
>
> -Chad Morland
>
> ----- Original Message -----
> From: "James Stevens" <[EMAIL PROTECTED]>
> To: "qmail-ldap list" <[EMAIL PROTECTED]>
> Sent: Thursday, April 11, 2002 1:00 PM
> Subject: encrypting the SMTP connection
>
> > I'd like to encrypt the smtp connection between my clients and my server
> > and potentially between mail servers. I have the LDAP patch compiled in
> > as well as the SMTP AUTH patch. All is functioning correctly. I have
> > made the changes to the Makefile to enable TLS and when I telnet to my
> > smtp port and ehlo it I see STARTTLS. I have also created my cert and it
> > is in my control directory. But when I try to connect from my client to
> > my server using a secure connection it errors. It seems to be looking
> > for port 465 that is not available. What am I missing or am I not
> > understanding this?
> >
> > Thanks in advance
> > James Stevens
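
An added example, not part of the original thread: a small auditor for an endpoint-side SMTP transcript that marks which client commands travel in cleartext and which inside TLS, showing that everything after an accepted STARTTLS (AUTH, MAIL, RCPT, DATA) is covered, and that a refused STARTTLS leaves the whole session exposed. The `C: `/`S: ` transcript format, the function name and both sample sessions are constructed for illustration; the check for a new EHLO after the handshake follows RFC 3207.

```python
# Added example; the "C: "/"S: " transcript format and both sessions are constructed.
SENSITIVE = {"AUTH", "MAIL", "RCPT", "DATA"}

def audit_session(transcript):
    """Return (exposure, findings) for one client/server SMTP transcript."""
    tls = pending = fresh_ehlo = in_data = False
    exposure, findings = [], []
    for line in transcript:
        side, _, text = line.partition(": ")
        if side == "S":
            if pending:  # the reply to STARTTLS decides whether TLS starts
                tls, pending = text.startswith("220"), False
                if not tls:
                    findings.append("STARTTLS refused: session stays cleartext")
            continue
        if in_data:  # message body lines until the lone "."
            in_data = text != "."
            continue
        verb = text.split()[0].upper()
        exposure.append((verb, "tls" if tls else "clear"))
        if verb == "STARTTLS":
            pending = True
        elif verb in ("EHLO", "HELO"):
            fresh_ehlo = tls  # only an EHLO sent inside TLS counts as fresh
        elif verb in SENSITIVE:
            if not tls:
                findings.append(f"{verb} sent in cleartext")
            elif not fresh_ehlo:
                findings.append(f"{verb} after TLS without a new EHLO")
            in_data = verb == "DATA"
    return exposure, findings

# Constructed session on port 25: STARTTLS accepted, then AUTH and the message.
GOOD = ["C: EHLO client.example", "S: 250-STARTTLS", "S: 250 PIPELINING",
        "C: STARTTLS", "S: 220 ready for tls",
        "C: EHLO client.example", "S: 250 AUTH LOGIN PLAIN",
        "C: AUTH PLAIN <redacted>", "S: 235 ok",
        "C: MAIL FROM:<a@example.org>", "S: 250 ok",
        "C: RCPT TO:<b@example.org>", "S: 250 ok",
        "C: DATA", "S: 354 go ahead", "C: Subject: constructed test", "C: .",
        "S: 250 ok", "C: QUIT"]
# Constructed session where the server refuses STARTTLS and the client carries on.
REFUSED = ["C: EHLO client.example", "S: 250 STARTTLS",
           "C: STARTTLS", "S: 454 TLS not available",
           "C: AUTH PLAIN <redacted>", "S: 235 ok",
           "C: MAIL FROM:<a@example.org>", "S: 250 ok", "C: QUIT"]

if __name__ == "__main__":
    for name, session in (("GOOD", GOOD), ("REFUSED", REFUSED)):
        print(name, *audit_session(session), sep="\n  ")
```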
