
Mail Gateway to Scalix - forced SMTP over SSL?

Posted: Thu Nov 02, 2006 4:36 pm
by hubersan
I've been through the doc in the solutions to implement SMTPS with stunnel.. that much is easy. What I'm trying to do is make sure that my mail gateway (at a hosting provider) talks encrypted SMTP to my Scalix (at home) all the time:

Internet <--> MX gateway <--> Scalix

The MX gateway is running a lot of things, but the base is Sendmail 8.13.1. I've found a doc (http://www.brandonhutchinson.com/Using_TLS_with_Sendmail.html) that talks about forcing sendmail to use TLS on certain hosts, but I have the feeling that's not what I want, since TLS isn't an option on Scalix. Also, as it's server to server traffic, I'd think that SMTP auth isn't what I want anyway.

I'm certainly not trying to re-invent the wheel here, so please don't flame me for not understanding.. :)

Posted: Thu Nov 02, 2006 7:08 pm
by btisdall
One quite simple option here would be to configure the Scalix SMTP relay to listen on port 587 for authenticated users, whilst letting sendmail listen for connections from your mailhost on port 25 using STARTTLS.

But...

Posted: Thu Nov 02, 2006 8:13 pm
by hubersan
But everything I've seen so far says that STARTTLS isn't supported on Scalix - hence why you need to use stunnel...? Or did I completely miss your point?

Re: But...

Posted: Thu Nov 02, 2006 9:24 pm
by btisdall
hubersan wrote: But everything I've seen so far says that STARTTLS isn't supported on Scalix - hence why you need to use stunnel...? Or did I completely miss your point?


You did, but perhaps it was not well made... :-)

STARTTLS isn't supported by Scalix in so far as it isn't implemented by the SMTP relay component of the server, but it is by sendmail, another integral part of the system. When you install Scalix sendmail.cf is modified to include the rules necessary for sendmail to deliver messages to Scalix recipients, so what you can do is:

    Configure sendmail to listen on the external interface.

    Configure the SMTP relay to listen on port 587 & restart it.

    Restart sendmail.

    Use sendmail for your mail transfers on port 25 with STARTTLS.

    Use the SMTP relay for authenticated submission from your users on port 587. You could then add stunnel to this.


HTH.
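
One way to check that the gateway-to-Scalix hop really is encrypted once sendmail is handling port 25, as an added example that is not part of the original thread: it reads the Received headers of a delivered message and looks for the `(version=... cipher=... bits=... verify=...)` clause that sendmail stamps on a hop that used STARTTLS. The hostnames, the sample message and the 112-bit floor are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Constructed sample message; hostnames, addresses and queue IDs are placeholders.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby scalix.example.org (8.13.1/8.13.1) with ESMTP id kA2Jx001
\t(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
\tThu, 2 Nov 2006 21:30:02 -0500
Received: from sender.example.com (sender.example.com [198.51.100.7])
\tby mx.example.net (8.13.1/8.13.1) with ESMTP id kA2Jw000;
\tThu, 2 Nov 2006 21:30:00 -0500
From: a@example.com
To: b@example.org
Subject: test

body
"""

# "from <name> ... by <name>": the first name is what the client announced in HELO/EHLO.
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)
# TLS clause sendmail adds to its Received header when the session was encrypted.
TLS = re.compile(r"\(version=(\S+)\s+cipher=(\S+)\s+bits=(\d+)")


def hops(raw):
    """Yield (sender, receiver, tls_bits) per Received header, newest first.

    tls_bits is 0 when the header carries no TLS clause (plaintext hop).
    """
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # header without a from/by pair, e.g. local submission
        t = TLS.search(value)
        yield m.group(1).lower(), m.group(2).lower(), int(t.group(3)) if t else 0


def gateway_hop_encrypted(raw, gateway, backend, min_bits=112):
    """True only if a gateway -> backend hop exists and each one used TLS with >= min_bits."""
    found = [bits for src, dst, bits in hops(raw) if src == gateway and dst == backend]
    return bool(found) and all(b >= min_bits for b in found)


if __name__ == "__main__":
    for src, dst, bits in hops(SAMPLE):
        print(f"{src} -> {dst}: {'TLS, %d bits' % bits if bits else 'PLAINTEXT'}")
```

Only the header written by your own server (the topmost one on the Scalix side) is trustworthy; headers added by earlier hops are whatever those hosts chose to write.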