Geza I. Mark <[EMAIL PROTECTED]> wrote: >The users access the >Internet using their various ISPs where they have >dynamic IP numbers. They are authenticated by their >individual SSL certificates. > >The requirement would be to allow the users to send >mail to anywhere and to receive mail from anywhere >while atill preventing the machine to became an open relay. > >My idea is the following. I'd set up two copies of qmail, It is possible with a single qmail implementing RFC2487 (STARTTLS). Qmail-smtpd will then relay mail iff the connection is authenticated with an SSL certificate, otherwise only mail to local users will be accepted. I have been experimenting with that and have a patch on http://www.esat.kuleuven.ac.be/~vermeule/qmail/tls.patch (server temporarily down, should be back tomorrow). Regards, Frederik