[unisog] Rejecting incoming mail with from addresses in your own domain.

Steve VanDevender stevev at darkwing.uoregon.edu
Tue Jul 22 17:47:08 GMT 2003

Reg Quinton writes:
 > >  And our mail server doesn't support old style SMTPS on
 > > a dedicated port which leaves us in quite a bind.
 > I believe you can "stunnel" a connection (ie. an SSL tunnel) to provide
 > that service.
 > See http://www.stunnel.org/

Generally not a good idea.  The main problem is that on most OSes the
stunnel connection is seen coming from localhost by your mail server,
bypassing any relay checks or IP-based connection restrictions you might
have.  (I think maybe stunnel on Linux does some kind of trick to make
the remote address look the same to your mail server as it does to
stunnel).  Spammers are already searching out machines with TLS and weak
(or no) authentication to inject spam through.

The semi-conventional port used for SMTP-over-SSL (465) is actually
registered with the IANA for another protocol, anyway.  STARTTLS is
really the standard way of doing this.
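For readers weighing the stunnel workaround discussed above, here is what the relevant stunnel configuration looks like and where the localhost problem arises. This is an added illustration, not a configuration from the original post or from the stunnel project; the certificate path, the pid path, the service-section name and the choice of port 465 are assumptions.

```ini
; Added example (not from the original post): an stunnel 4.x-style
; configuration that wraps a local SMTP listener in SSL/TLS on port 465.
; Paths, the section name and the port are assumptions for illustration.

cert   = /etc/stunnel/mail.pem
setuid = stunnel
setgid = stunnel
pid    = /var/run/stunnel/smtps.pid

[smtps]
accept  = 465
connect = 127.0.0.1:25

; With only the lines above, the MTA listening on 127.0.0.1:25 sees every
; tunnelled session as coming from 127.0.0.1. Any relay or access rule that
; trusts localhost (or the local network) therefore applies to anyone on the
; Internet who can reach port 465, which is exactly the bypass described in
; the post. Two mitigations, used together or separately:
;
; 1. Configure the MTA so that relaying for the address it receives the
;    tunnel on is granted only after successful SMTP AUTH, never by source
;    address alone.
;
; 2. On Linux, have stunnel preserve the client's real source address so the
;    MTA's IP-based checks still see it. This needs stunnel to start as root
;    and the extra routing the stunnel manual describes for transparent mode:
;transparent = source
```

If you leave the MTA's relay policy as it was, the tunnel silently widens it, so the MTA configuration should be reviewed before port 465 is opened, and connections arriving through the tunnel should be logged separately from genuine localhost traffic so that abuse is visible.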

