# HG changeset patch # User meillo@marmaro.de # Date 1279871823 -7200 # Node ID ed96d7054b9b976eab6c7b95406f457d58c53eb3 # Parent 349518b940dbbcfdf3be308b76de6a1bb66e9e1a updated masqmail.route(5) to STARTLS wrappers diff -r 349518b940db -r ed96d7054b9b man/masqmail.route.5 --- a/man/masqmail.route.5 Thu Jul 22 23:30:05 2010 +0200 +++ b/man/masqmail.route.5 Fri Jul 23 09:57:03 2010 +0200 @@ -188,8 +188,9 @@ the local parts (the keys) are separated from the addresses (the values) by colons (`:'). Example: - +.nf map_h_from_addresses = "john: John Smith ; charlie: Charlie Miller " +.fi You can use patterns, eg. * as keys. @@ -214,8 +215,9 @@ The most important difference is that RFC 821 addresses have no full name. Example: - +.nf map_return_path_addresses = "john: ; charlie: " +.fi You can use patterns, eg. * as keys. @@ -282,17 +284,24 @@ \fIcommand\fR will be called and all traffic will be piped to its stdin and from its stdout. Purpose is to tunnel ip traffic, eg. for ssl. -Example for ssl tunneling: +Example for SMTP over SSL tunneling: +.nf +wrapper="/usr/bin/openssl s_client \-quiet \-connect mail.gmx.net:465 2>/dev/null" +.fi -wrapper="/usr/bin/openssl s_client \-quiet \-connect mail.gmx.net:465 2>/dev/null" +SMTP over SSL is supported since masqmail-0.1.8. +It is now deprecated by the IETF but still in use. -Note: The above line works with masqmail, -but listening on Port 465 for SSL-encrypted connections is deprecated. -The modern way is STARTTLS (RFC-3207). -This could be covered by the following command. -Unfortunately, masqmail doesn't support that yet (as of 0.2.25). +Example for encryption with STARTTLS (RFC-3207): +.nf +# don't forget the instant_helo, otherwise it won't work +instant_helo=true wrapper="/usr/bin/openssl s_client \-quiet \-starttls smtp \-connect mail.gmx.net:25 2>/dev/null" +.fi + +This is supported since masqmail-0.2.28. +STARTTLS supersedes SMTP over SSL. Note for openssl: Ensure that stderr is redirected.
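Review bot: In the first two hunks (map_h_from_addresses and map_return_path_addresses), the blank line after "Example:" is removed and replaced directly by `.nf`, so the example now renders flush against the "Example:" line with no vertical space, while the blank line after `.fi` is kept. If the gap before the example was intentional, keep the blank line (or add `.sp`) ahead of `.nf` so that spacing is symmetric around the no-fill block. The same applies to the two `.nf` blocks added in the wrapper section.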
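Review bot: In the third hunk (wrapper section), both documented commands run `openssl s_client \-quiet ... 2>/dev/null` with no certificate verification options, and the man page now presents the STARTTLS form as the supported way to encrypt. As written, s_client carries on with the session when the server certificate fails verification, and the stderr redirect hides the verify error, so the tunnel gives encryption without server authentication. Suggest a sentence saying so, plus a note that a user who wants the server checked should add a CA option such as `\-CAfile` together with `\-verify_return_error` where their openssl version offers it. Separately, the comment "don't forget the instant_helo, otherwise it won't work" does not say why; one line explaining what goes wrong without it would spare readers the trial and error.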