On Mon, 2005-08-29 at 22:22, Jonathan Berry wrote:

> > > > send through a local smtp server. The roaming on is a
>
> I don't know about this. Even if one is there, I have no idea where
> it is. Is there a way to find a server that might be there but I
> don't know about?

Ask whoever provides the internet connection.

> > Stunnel works very much like the xinetd proxy, but the connecting side
> > runs over ssl. The client side of this is built into many email
> > programs that know how to use port 465 for a secure connection. The
> > 'back end' connection runs unencrypted so sending on port 25 to the
> > smtp server automatically works.
>
> Yeah, I've figured out that much :). Now, what I'm not sure about is
> how the ssl stuff works. Does the client need to have the certificate
> to connect, or is it like https where the cert is transferred
> automatically?

That's up to the stunnel config. It doesn't have to require a client
cert.

> If it is automatic, is it more secure because whatever
> is connecting must know to use ssl?

Normally the 'secure' part involves keeping 3rd parties from being able
to intercept and decipher the traffic. In the context of your own mail
server you might require ssl and a login/password authentication to
permit mail relaying instead of a client certificate. The point of ssl
would be mostly to avoid sending the password in clear text.

> I've been trying to find
> documentation on setting up stunnel, but am having trouble finding
> useful stuff. Some stuff is on stunnel 3 rather than 4, which is very
> different in setup and use. I have found some things on OpenSSL to
> try to figure out the certificate stuff, but cannot seem to find the
> necessary things on Fedora. OpenSSL is installed according to RPM,
> but I cannot find some things mentioned in the docs I have found.

Your Fedora install should have some things set up in
/usr/share/ssl/certs. If you cd there and enter: "make stunnel.pem"
it should prompt you through building a server certificate that will be
all you need if you don't require matching client certs.

--
Les Mikesell
lesmikesell@xxxxxxxxx
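
A minimal stunnel 4 server configuration for the setup discussed in this message, added here as an example and not part of the original post. The service name `smtps` and the commented-out CAfile path are assumptions; the certificate path is the file that `make stunnel.pem` creates in the directory named above.

```ini
; stunnel 4 server configuration sketch (added example, not from the thread)

; Server certificate and private key, built with "make stunnel.pem"
; in /usr/share/ssl/certs
cert = /usr/share/ssl/certs/stunnel.pem

; Service name is an assumption; any label works
[smtps]
; Mail clients connect here over SSL
accept  = 465
; Decrypted traffic is passed, unencrypted, to the local SMTP server
connect = 127.0.0.1:25

; With no "verify" line, clients are not asked for a certificate;
; the server cert is sent automatically, as with https.
; To require matching client certificates instead, enable both lines.
; The CAfile path is a placeholder for the file of trusted client certs.
;verify = 2
;CAfile = /path/to/trusted-client-certs.pem
```

Because the SMTP server sees every tunnelled connection as coming from 127.0.0.1, relaying should depend on login/password authentication rather than on trusting localhost.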