Matt Sergeant wrote:

On 26 Apr 2005, at 15:00, Michael Holzt wrote:

I think the consensus (in July/August 2004) was to use stunnel as a
wrapper around qpsmtpd, e.g.


That's not a solution for the problem. While this will enable SMTPS (which
happens to be the secure version of SMTP like HTTP/HTTPS), this is not of
much use as SMTPS is mostly dead in favor of TLS. TLS is a universal
approach to upgrade an insecure connection to a secured one, and as the
connection will switch in between this can't be accomplished using stunnel.


It was discovered that stunnel understands SMTP and can proxy up until a starttls command, and then intercept and do tls, and then continue proxying the secure connection.

But... I'd still like to build in proper tls support. I may look at that some time soon, but I'll likely only do it on the high-perf branch since TLS is very dependent on the connection, and every different subsystem (Apache, high_perf, tcpserver, etc) does the connection differently.

Matt.


You'd only have to perl tls for high_perf, and somebody
else for forkserver, if sslserver is a drop-in replacement
for tcpserver, right?

-Bob
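The two stunnel modes discussed in this thread, side by side, as an added example that is not part of the original messages or of qpsmtpd's documentation. The backend port 2525, the certificate path and the service names are assumptions; `protocol = smtp` is stunnel's own option for handling the plaintext SMTP greeting up to STARTTLS.

```ini
; stunnel.conf sketch (constructed example)
; Assumption: qpsmtpd listens in plaintext on 127.0.0.1:2525 only.
; Assumption: certificate and key are in one PEM file at the path below.

cert = /etc/stunnel/mail.pem

; --- SMTPS wrapper: TLS from the first byte --------------------------
; The client must start the TLS handshake immediately after connecting.
; A client that expects a plaintext banner followed by STARTTLS cannot
; use this port.
[smtps]
accept  = 465
connect = 127.0.0.1:2525

; --- STARTTLS: plaintext greeting, then upgrade ----------------------
; With "protocol = smtp" stunnel speaks the initial SMTP dialogue itself,
; advertises STARTTLS, performs the handshake when the client issues
; STARTTLS, and only then proxies the decrypted session to the backend.
[smtp-starttls]
accept   = 25
connect  = 127.0.0.1:2525
protocol = smtp
```

In both modes qpsmtpd sees the connection arriving from stunnel's address rather than the remote client's, so plugins that act on the peer IP need that taken into account.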
