[Oberon] SSL tunnel; was SMTP/SSH tunnel
W B Hacker
wbh at conducive.org
Sat Mar 31 16:17:26 MEST 2007
Easthope wrote:
*SNIP*
>
> wh> a) Specify which IP to listen on:
>
> Doesn't the SSL daemon, rather than the
> MTA, listen on the interface?
Between two equally-SSL-ignorant entities, yes.
But all MTA's in common use have been SSL/TLS 'aware' for *years*.
It is (AFAIK) your Oberon client (only) that needs help from a tunnel.
Or maybe not.... I've never tried to use it for mail.
> wh> See also POP and IMAP use of SSL.
>
> In Oberon, POP and IMAP are ignorant of SSL.
Speaking only for our half-dozen MTA, which, over time, have incuded sendmail,
QMail, Postfix, courier-mta, and Exim:
- we *require* SSL or TLS for authenticating MUA, either smtp-submission or IMAP
(POP was 'buried with honors' some years ago)
- we offer or request TLS when communicating with peer MTA, but do not insist on
it, as there are still a few operators who do not offer/request it. Very few.
>
> If anyone knows of a link to a SSL tunnel
> Howto it would help.
>
http://www.stunnel.org/
'...everything I needed to know, I learned in Kindergarten..'
Came originally from there...
In Peter Rabbit English.. stunnel is just a way to provide apps that need
SSL/TLS capability what they should have had built-in in the first place.
Ergo it is seldom needed at *both* ends, 'coz one end already has the matching
equivalent.
;-)
HTH,
Bill
More information about the Oberon
mailing list