Mercurial > masqmail
comparison man/masqmail.route.5 @ 223:9814e75de61c
updated docs to STARTTLS wrappers
author | meillo@marmaro.de |
---|---|
date | Fri, 23 Jul 2010 11:18:20 +0200 |
parents | 8cddc65765bd |
children | 9397d10fd771 |
222:8cddc65765bd | 223:9814e75de61c |
---|---|
78 | 78 |
79 If this is set, masqmail does not wait for the greeting of the SMTP server | 79 If this is set, masqmail does not wait for the greeting of the SMTP server |
80 after opening the connection. | 80 after opening the connection. |
81 Instead it says EHLO right away (ESMTP is assumed). | 81 Instead it says EHLO right away (ESMTP is assumed). |
82 Use this option with wrappers that eat the 220 greeting of the SMTP server. | 82 Use this option with wrappers that eat the 220 greeting of the SMTP server. |
83 Common examples are STARTTLS wrappers, like `openssl -starttls smtp ...'. | 83 Common examples are STARTTLS wrappers, like `openssl s_client -starttls smtp ...'. |
84 | 84 |
85 If this option is set and a 220 greeting is received though, | 85 If this option is set and a 220 greeting is received though, |
86 everything should still work. | 86 everything should still work. |
87 Please don't rely on that and keep in mind that RFC 2821 says that the client | 87 Please don't rely on that and keep in mind that RFC 2821 says that the client |
88 SHOULD wait for the 220 greeting of the server. | 88 SHOULD wait for the 220 greeting of the server. |
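Review bot: Lines 87-88 of this paragraph still cite RFC 2821 for the rule that the client SHOULD wait for the 220 greeting; since the paragraph is being touched anyway, cite RFC 5321, which obsoleted RFC 2821 in 2008. The `s_client` correction on line 83 itself is right, since `-starttls` is an option of the `s_client` subcommand.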
186 This is similar to \fBset_h_from_domain\fR, but more flexible. | 186 This is similar to \fBset_h_from_domain\fR, but more flexible. |
187 Set this to a list which maps local parts to a full RFC 822 compliant email address, | 187 Set this to a list which maps local parts to a full RFC 822 compliant email address, |
188 the local parts (the keys) are separated from the addresses (the values) by colons (`:'). | 188 the local parts (the keys) are separated from the addresses (the values) by colons (`:'). |
189 | 189 |
190 Example: | 190 Example: |
191 | 191 .nf |
192 map_h_from_addresses = "john: John Smith <jsmith@mail.academic.edu>; charlie: Charlie Miller <cmiller@mx.commercial.com>" | 192 map_h_from_addresses = "john: John Smith <jsmith@mail.academic.edu>; charlie: Charlie Miller <cmiller@mx.commercial.com>" |
193 .fi | |
193 | 194 |
194 You can use patterns, eg. * as keys. | 195 You can use patterns, eg. * as keys. |
195 | 196 |
196 .TP | 197 .TP |
197 \fBmap_h_reply_to_addresses\fR = \fIlist\fR | 198 \fBmap_h_reply_to_addresses\fR = \fIlist\fR |
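Review bot: The `map_h_from_addresses` example on line 192 is well over 80 characters, and inside the new `.nf`/`.fi` pair it is no longer filled, so it will overrun or hard-wrap on a standard terminal. Consider shortening the sample addresses so the line fits. The same applies to the `map_return_path_addresses` example that gets the same `.nf`/`.fi` treatment further down.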
212 the local parts (the keys) are separated from the addresses (the values) by colons (`:'). | 213 the local parts (the keys) are separated from the addresses (the values) by colons (`:'). |
213 Note that this option takes RFC 821 addresses while \fBmap_h_from_addresses\fR takes RFC 822 addresses. | 214 Note that this option takes RFC 821 addresses while \fBmap_h_from_addresses\fR takes RFC 822 addresses. |
214 The most important difference is that RFC 821 addresses have no full name. | 215 The most important difference is that RFC 821 addresses have no full name. |
215 | 216 |
216 Example: | 217 Example: |
217 | 218 .nf |
218 map_return_path_addresses = "john: <jsmith@mail.academic.edu>; charlie: <cmiller@mx.commercial.com>" | 219 map_return_path_addresses = "john: <jsmith@mail.academic.edu>; charlie: <cmiller@mx.commercial.com>" |
220 .fi | |
219 | 221 |
220 You can use patterns, eg. * as keys. | 222 You can use patterns, eg. * as keys. |
221 | 223 |
222 .TP | 224 .TP |
223 \fBexpand_h_sender_address\fR = \fIboolean\fR | 225 \fBexpand_h_sender_address\fR = \fIboolean\fR |
273 | 275 |
274 If set, instead of opening a connection to a remote server, | 276 If set, instead of opening a connection to a remote server, |
275 \fIcommand\fR will be called and all traffic will be piped to its stdin and from its stdout. | 277 \fIcommand\fR will be called and all traffic will be piped to its stdin and from its stdout. |
276 Purpose is to tunnel ip traffic, eg. for ssl. | 278 Purpose is to tunnel ip traffic, eg. for ssl. |
277 | 279 |
278 Example for ssl tunneling: | 280 Example for SMTP over SSL tunneling: |
279 | 281 .nf |
280 wrapper="/usr/bin/openssl s_client \-quiet \-connect mail.gmx.net:465 2>/dev/null" | 282 wrapper="/usr/bin/openssl s_client \-quiet \-connect mail.gmx.net:465 2>/dev/null" |
281 | 283 .fi |
282 Note: The above line works with masqmail, | 284 |
283 but listening on Port 465 for SSL-encrypted connections is deprecated. | 285 SMTP over SSL is supported since masqmail-0.1.8. |
284 The modern way is STARTTLS (RFC-3207). | 286 It is marked obsolete by the IETF but is still in use. |
285 This could be covered by the following command. | 287 |
286 Unfortunately, masqmail doesn't support that yet (as of 0.2.25). | 288 |
287 | 289 Example for encryption with STARTTLS (RFC-3207): |
290 .nf | |
291 # don't forget the instant_helo, otherwise it won't work | |
292 instant_helo=true | |
288 wrapper="/usr/bin/openssl s_client \-quiet \-starttls smtp \-connect mail.gmx.net:25 2>/dev/null" | 293 wrapper="/usr/bin/openssl s_client \-quiet \-starttls smtp \-connect mail.gmx.net:25 2>/dev/null" |
294 .fi | |
295 | |
296 This is supported since masqmail-0.2.28. | |
297 STARTTLS supersedes SMTP over SSL. | |
289 | 298 |
290 Note for openssl: | 299 Note for openssl: |
291 Ensure that stderr is redirected. | 300 Ensure that stderr is redirected. |
292 Do *not* use \-crlf in the wrapper command, because masqmail does already insert CRLF. | 301 Do *not* use \-crlf in the wrapper command, because masqmail does already insert CRLF. |
293 However, you might want to specify \-crlf if you want to test your wrapper command | 302 However, you might want to specify \-crlf if you want to test your wrapper command |
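Review bot: Both wrapper examples (new lines 282 and 293) run `openssl s_client` with `\-quiet`, no verification option and `2>/dev/null`, so the text should say that these wrappers encrypt the connection but do not check the server certificate. `s_client` by default continues the handshake after a certificate verify error, and with stderr discarded nothing about it reaches masqmail or the user. Suggest one sentence stating this next to "Note for openssl:" and pointing readers to `\-CAfile` and, where the installed openssl has it, `\-verify_return_error`. Minor: new lines 287-288 leave two consecutive blank lines before the STARTTLS example; one is enough.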