On 8/28/05, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> On Sat, 2005-08-27 at 17:57, Jonathan Berry wrote:
> > > 'fixed client at another location' case you may be able to
> > > send through a local smtp server. The roaming one is a
> >
> > That would be ideal, but I do not know if such a server is available.
>
> Chances are pretty good that one is there. Or, you could use

I don't know about this. Even if one is there, I have no idea where it
is. Is there a way to find a server that might be there but I don't
know about?

[snip]

> > > I wouldn't recommend it. A better alternative would be to
> > > use 'stunnel' to accept ssl connections with a client certificate
> >
> > This sounds interesting too. I like the idea of having some auth that
> > would be simple to set up. I guess I'll do some reading up on stunnel
> > and see if I can get that working. Anyone have any experience with
> > stunnel?
>
> Stunnel works very much like the xinetd proxy, but the connecting side
> runs over ssl. The client side of this is built into many email
> programs that know how to use port 465 for a secure connection. The
> 'back end' connection runs unencrypted so sending on port 25 to the
> smtp server automatically works.

Yeah, I've figured out that much :). Now, what I'm not sure about is
how the ssl stuff works. Does the client need to have the certificate
to connect, or is it like https where the cert is transferred
automatically? If it is automatic, is it more secure because whatever
is connecting must know to use ssl?

I've been trying to find documentation on setting up stunnel, but am
having trouble finding useful stuff. Some stuff is on stunnel 3 rather
than 4, which is very different in setup and use. I have found some
things on OpenSSL to try to figure out the certificate stuff, but
cannot seem to find the necessary things on Fedora. OpenSSL is
installed according to RPM, but I cannot find some things mentioned in
the docs I have found.

# rpm -qa | grep ssl
openssl-devel-0.9.7f-7
mod_ssl-2.0.54-10.1
openssl-0.9.7f-7

This HOWTO looks pretty good, though I've only started reading it:
http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html

But as an example of not finding things, this part:
http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x120.html
mentions /etc/openssl.cnf which I don't have, and CA.pl, which I also
don't seem to have. Is there something more I need to install? Doing a
'yum list "*ssl*"' shows there is an openssl.i386 package in addition
to the i686 one I have installed. Is that just for < 686 CPUs and the
686 package takes advantage of some 686 instructions? Would I get
anything else by installing from source?

Can anyone offer some help with this?

> > > required and forward to your isp, or run your own mail server
> > > with ssl on port 465 or port 587 with TLS and require authenticated
> > > logins for SMTP forwarding. Most current mail clients support
> >
> > Might as well use Gmail if I'm to go that far. Less to have to keep track of.
>
> It does seem like the easiest solution.

But not nearly as much fun ;).

Thanks,
Jonathan
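
The stunnel arrangement discussed in this message (SSL accepted on port 465, plain SMTP passed to port 25, client certificate required), written as an stunnel 4 configuration. This is an added example, not part of the original thread; the file paths and the service name are assumed placeholders.

```ini
; stunnel 4 configuration file (added example; all paths are assumed placeholders)

; Server certificate and private key presented to connecting mail clients.
cert = /etc/stunnel/mail-server.pem

; CA certificate(s) that signed the client certificates you hand out.
CAfile = /etc/stunnel/client-ca.pem

; verify = 2 makes stunnel demand a client certificate that chains to CAfile
; and refuse the connection otherwise.
; With no verify line at all, stunnel behaves like an ordinary https server:
; only the server proves its identity, and any SSL-capable client that finds
; port 465 gets through to the SMTP server behind it.
verify = 2

; Service section; the name in brackets is only a label (assumed here).
[smtps]
; SSL side: what the mail client connects to.
accept = 465
; Plain side: the local SMTP server, reached unencrypted.
connect = 127.0.0.1:25
```

Because the SMTP server sees every tunnelled connection as coming from 127.0.0.1, it will normally treat it as a trusted local sender, so the `verify` line is the only access control on the relay in this layout.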