Moderators: ScalixSupport, admin
pete wrote:It would be very nice to be able to support encrypted SMTP. However, if I try to use stunnel to
get an SSL connection to SMTPD on the listening interface, it results in an open relay due to
the fact that the connection appears to come from localhost which is allowed to relay in
smtpd.cfg.
stunnel.conf looks like:
[smtps]
accept=465
connect = [address of interface]:25
Is there any neat way around this?
P
(I saw the HOWTO entry, but was wondering if this could be done with a single address)
ScalixSupport wrote:Hi Ricky,
are you saying you set it up like you suggested and you did not create an open SMTP relay or are you saying what you suggest should work?
Cheers,
Sascha.
ricky wrote:interways1 wrote:What do you mean change to not relay from any local ethernet ports? How do I do that in smtpd.cfg?
Thanks
Chris
Well, don't openly relay from any non-localhost (non 127.0.0.1) ports...
All lP-addresses on the server should ask for SMTP-authentication.
Regards,
Rickard
Code: Select all
cert = /path/to/stunnel-cert.pem
key = /path/to/stunnel-key.pem
[imaps]
accept = 993
connect = 143
[smtps]
accept = 465
connect = 192.168.0.3:25
Code: Select all
RELAY accept 127.0.0.1
RELAY Log_Reject ALL
Code: Select all
swa.email.smtpServer=127.0.0.1
Code: Select all
smtpServer="127.0.0.1"
Code: Select all
RELAY accept .domain.com
The hostname pattern identifies the originating host (or the destination host in the case of the SMTP Relay event).
"... originating host (or in the case of an SMTP relay event either the originating or destination host)".
Code: Select all
cert = /path/to/stunnel-cert.pem
key = /path/to/stunnel-key.pem
Users browsing this forum: No registered users and 11 guests