David Nicol wrote:
> why not use an stunnel proxy?
Is there a tutorial for doing this with qpsmtpd? In fact, is there anyone who is running this with starttls, not "full-time" TLS?
Ok, answering my own questions here. A sign of deep mental troubles... 8-)
starttls is possible with a vanilla installation of stunnel; it's activated with the "protocol=smtp" service option of the configuration file. However, there seem to be a couple of bugs in the FreeBSD port version: it doesn't advertise the right hostname at startup and doesn't always give answers that start with a number. Also, it only advertises STARTTLS as an EHLO option, without considering the other options that your qpsmtpd setup has.
Here's an example session:
-----
[EMAIL PROTECTED]:~$ telnet a.b.c 123
Trying a.b.c...
Connected to a.b.c.
Escape character is '^]'.
+ stunnelogidac.com ESMTP
EHLO TEST
Welcome
250 STARTTLS
[...]
-----
I spent some time this morning reading the mailing list archives about this and I'm not sure about what is possible. It looks like the starttls patch has been included into stunnel; does that mean that I could just do something like this?
tcpserver (args) stunnel (args) qpsmtpd
Something like this is described in the page linked below, I haven't managed to make it work with qpsmtpd, but I only tried for about 20 minutes... Anyway, the problems associated with the protocol=smtp option tell me that this is not the best way to go.
http://www.stunnel.org/examples/qmail-pop3d.html
In this setup, will qpsmtpd see all the connections coming from localhost?
I don't think that it will show connections from localhost in the tcpserver configuration. In the more traditional "proxy" configuration, however, it would show up as coming from localhost. There is a configuration option called transparent proxy that would "spoof" the proxy as the original server. The transparent proxy can be activated by adding "transparent=yes" in the service part of the configuration. It's only implemented on Linux, so I wasn't able to try it out.
I guess that's another vote for integrated starttls support in qpsmtpd.
Make that another vote from me, oh wait, that would be the same one... :-)
Best, GFK's -- Guillaume Filion, ing. jr Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/ PGP Key and more: http://guillaume.filion.org/
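The two faults Guillaume describes (reply lines that don't start with a three-digit code, and an EHLO reply that only carries STARTTLS) are easy to check for mechanically before putting a TLS wrapper in front of an MTA. The script below is an added example for this thread, not code from stunnel or qpsmtpd. It parses a banner and an EHLO reply the strict RFC 5321 way (first 250 line is the server's domain, each later 250 line names one extension), lists malformed lines, and reports which expected extensions went missing. The sample replies are constructed: one looks like a direct qpsmtpd session, the other is modelled on the stunnel session quoted above. The `probe()` function is the live variant and is not run here; `mail.example.test`, `test.example` and the expected keyword list are assumptions you would replace with your own.

```python
"""Audit an SMTP greeting and EHLO reply for well-formed reply codes and for
the extensions actually advertised.  Added example for this thread; not code
from stunnel or qpsmtpd."""
import re
import socket

# RFC 5321 reply line: three-digit code, then "-" (more lines follow) or " " (last line).
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_reply(raw):
    """Split a reply into ([(code, sep, text), ...], [lines with no reply code])."""
    good, bad = [], []
    for line in raw.splitlines():
        if not line.strip():
            continue
        m = REPLY_LINE.match(line)
        if m:
            good.append((int(m.group(1)), m.group(2), m.group(3)))
        else:
            bad.append(line)
    return good, bad


def ehlo_extensions(raw):
    """Strict RFC 5321 reading of an EHLO reply: the first 250 line carries the
    server's domain, every later 250 line names one extension keyword."""
    good, bad = parse_reply(raw)
    lines_250 = [text for code, _sep, text in good if code == 250]
    domain = lines_250[0].split()[0] if lines_250 and lines_250[0].split() else ""
    exts = [text.split()[0].upper() for text in lines_250[1:] if text.split()]
    return domain, exts, bad


def audit_ehlo(banner, ehlo_reply, expected):
    """Compare what a server advertises with the keywords it should (expected)."""
    b_good, b_bad = parse_reply(banner)
    domain, exts, e_bad = ehlo_extensions(ehlo_reply)
    e_good, _ = parse_reply(ehlo_reply)
    seps = [sep for _code, sep, _text in e_good]
    keywords_250 = [t.split()[0].upper() for c, _s, t in e_good if c == 250 and t.split()]
    return {
        "banner_ok": bool(b_good) and b_good[0][0] == 220 and not b_bad,
        "malformed_lines": b_bad + e_bad,
        # every coded line but the last must be a "-" continuation, the last a " "
        "bad_continuation": bool(seps)
        and (seps[-1] != " " or any(s != "-" for s in seps[:-1])),
        "domain_line": domain,            # what a strict client takes as the server name
        "extensions": exts,               # what a strict client sees as extensions
        "starttls_anywhere": "STARTTLS" in keywords_250,  # lenient reading
        "missing": sorted(set(expected) - set(exts)),
    }


def read_reply(fh):
    """Read one (possibly multi-line) reply; stops at the first line of the form 'NNN '."""
    lines = []
    while True:
        line = fh.readline()
        if not line:
            break
        text = line.decode("latin-1").rstrip("\r\n")
        lines.append(text)
        if re.match(r"^\d{3} ", text):
            break
    return "\r\n".join(lines) + "\r\n"


def probe(host, port=25, helo="test.example", timeout=10):
    """Live variant: fetch the banner and EHLO reply from a real server.
    Not exercised here; host/port/helo are whatever you point it at."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        fh = sock.makefile("rb")
        banner = read_reply(fh)
        sock.sendall(f"EHLO {helo}\r\n".encode("ascii"))
        reply = read_reply(fh)
        sock.sendall(b"QUIT\r\n")
    return banner, reply


# Constructed samples (not captures): a qpsmtpd-style reply, and one modelled on
# the stunnel session quoted in the post (banner without a code, a bare "Welcome").
GOOD_BANNER = "220 mail.example.test ESMTP qpsmtpd\r\n"
GOOD_EHLO = ("250-mail.example.test Hi test.example\r\n"
             "250-PIPELINING\r\n250-8BITMIME\r\n250-SIZE 10485760\r\n250 STARTTLS\r\n")
BROKEN_BANNER = "+ stunnel ESMTP\r\n"
BROKEN_EHLO = "Welcome\r\n250 STARTTLS\r\n"
EXPECTED = ["PIPELINING", "8BITMIME", "SIZE", "STARTTLS"]  # assumed qpsmtpd feature set

if __name__ == "__main__":
    for name, b, e in (("direct", GOOD_BANNER, GOOD_EHLO),
                       ("via stunnel", BROKEN_BANNER, BROKEN_EHLO)):
        print(name, audit_ehlo(b, e, EXPECTED))
```

Note what the strict reading does with the stunnel-style reply: "Welcome" is reported as malformed, and because "250 STARTTLS" is then the first coded line, a strict client takes "STARTTLS" as the server's domain and sees no extensions at all; only a lenient client would see STARTTLS. Either way, everything qpsmtpd would have offered behind the wrapper is gone from the list.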
