Re: tls vs ssl

From: Victor Duchovni (no email)
Date: Tue Mar 02 2010 - 15:42:12 EST

  • Next message: Alex: "Re: Postfix TLS requirements"

    On Tue, Mar 02, 2010 at 12:30:21PM -0800, Daniel L. Miller wrote:

    > Ok - inferring from that, I tried:
    > 192.168.0.110:128 inet n - - - - smtpd
    > -o smtpd_tls_wrappermode=yes
    > -o smtpd_sasl_auth_enable=yes
    > -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    >
    > Now connecting from Thunderbird SSL works - TLS does not. Just confirming
    > - is this expected and proper behaviour?

    Yes, of course. SSL after SMTP won't work with a service that runs SMTP
    after SSL. The "SMTP inside SSL" service and "SSL inside SMTP" services
    are not inter-operable and cannot be deployed on the same port.

    The "SMTP over SSL" service (wrappermode=yes) is a legacy non-standard
    service and should be phased out once all clients support "SSL over SMTP"
    (aka STARTTLS).

    -- 
    	Viktor.
    P.S. Morgan Stanley is looking for a New York City based, Senior Unix
    system/email administrator to architect and sustain our perimeter email
    environment.  If you are interested, please drop me a note.
    

  • Next message: Alex: "Re: Postfix TLS requirements"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD