On Mon, Oct 23, 2000 at 01:59:20PM +0200, Andrzej wrote:
> stunnel and other SSL wrappers work great, but then qmail sees all
> connections incoming from localhost. It's not possible to use the "POP3
> before SMTP" relay controls any more.
Nope. With both stunnel and sslwrap you can (and should) run the target
program directly from the wrapper program.
The sslwrap documentation states:
Instead of doing a loopback IP connection as described above,
you can use the -exec option to directly execute a program. For
security reasons, I recommend using the standard inetd
configuration specified above, instead.
I queried the author about why he felt that doing loopback IP
connections was more secure than just exec'ing the program directly, and
received no response. I know of no reason it would be more secure, and
it prevents you from doing things like relay-ctrl as well.
--
Bruce Guenter <[EMAIL PROTECTED]> http://em.ca/~bruceg/
PGP signature
