On Mon, Oct 23, 2000 at 06:18:27PM -0400, Adam McKenna wrote:
> On Mon, Oct 23, 2000 at 04:58:05PM -0500, David Dyer-Bennet wrote:
> > Andrzej <[EMAIL PROTECTED]> writes on 23 October 2000 at 13:59:20 +0200
> > > On Sun, Oct 22, 2000 at 04:59:52PM -0400, Hubbard, David wrote:
> > > > You can use stunnel to encapsulate qmail-pop3d withing SSL.
> > >
> > > [...]
> > >
> > > stunnel and other SSL wrappers work great, but then qmail sees all
> > > connections incoming from localhost. It's not possible to use the "POP3
> > > before SMTP" relay controls any more.
> >
> > Am I missing something here, or will allowing relaying from localhost
> > solve the problem? Assuming you want to allow relaying for anybody
> > allowed to establish an ssl connect to do pop, anyway.
>
> The problem is that when using SSL-SMTP, every connection looks like its
> coming from localhost, so your relay control is gone.
>
> The best you can do is control who you want connecting to the SSL port.
>
You mean limitind access based on IP numbers? This will only work
for users with fixed IPs.
To summarize:
It looks like we can't have POP3+SSL+Relay control + running in a secure way.
Andrzej