[plug] disabling STARTTLS in sendmail for port 25 only
Gavin Rogers
grogers at vk6hgr.echidna.id.au
Wed Dec 3 23:44:40 WST 2003
At 08:57 PM 3/12/2003 +0800, you wrote:
>Just in case anybody runs into this later, here's some archive food.
>
>I've spent quite a bit of time just now looking for a way to get sendmail
>to offer STARTTLS and require AUTH on a special mail-submission only port,
>but not offer STARTTLS at all on port 25 (smtp). In other words, suppress
>STARTTLS for normal delivery, while allowing it for special clients on a
>different port.
>
>The reason for this is that the CA certificate is self-signed, and won't
>be accepted by other MTAs or by SMTP-capable MUAs unless there is user
>intervention.

Not in my experience.

Other MTAs don't (seem to) care about the authenticity of the server they
are connected to; the certificate/key exchange is used in STARTTLS as a
basis to encrypt the body of the email.

This could be wrong/non-standard but this is the observed behaviour on 1
medium and 1 small volume exim 3/4 servers with TLS support enabled with
self-signed certificates.

Cheers,
Gavin.
---
Amateur radio station VK6HGR
http://vk6hgr.ampr.org/
Email : grogers at vk6hgr.echidna.id.au
Packet: vk6hgr at vk6hgr.#per.#wa.aus.oc