On Wednesday 11 May 2005 09:49, [EMAIL PROTECTED] wrote: > > Consider that some servers relay though James from an > > internal trusted network, they do not need to issue STARTTLS, > > others however are relaying through a public network an are > > thus required to issue STARTTLS (perhaps even with > > client-certificate authentication). > > So we do not disable STARTTLS for the internal servers, but > > on the other hand do not require it either. > > Sure, but this seems the normal standard behaviour. We only need a > configuration for > StartTLSSupport = disabled | enabled | required > > Isn't this enough to support the STARTTLS reply?
No, a) if you specify "required" the internal servers will also need to execute STARTTLS b) if you specify "enabled" the external servers can relay without doing STARTTLS This is not what I want. Internal servers can always relay and external servers must use STARTTLS. Of course if the "authorizedAddresses", has priority over this setting, we are home free. > > The check to see wether the relay is supported or not because of AUTH or > STARTTLS will be done after the first RCPT so the "extension point" is the > RCPT and not the STARTTLS. Agreed, we just need to capture the state information (preferably in a stateobject as opposed to the current Hashmap) --Søren > > Stefano > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- Søren Hilmer, M.Sc. R&D manager Phone: +45 72 30 64 00 TietoEnator IT+ A/S Fax: +45 72 30 64 02 Ved Lunden 12 Direct: +45 72 30 64 57 DK-8230 Åbyhøj Email: soren.hilmer <at> tietoenator.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
