diff man/masqmail.route.5 @ 223:9814e75de61c

updated docs to STARTTLS wrappers
author meillo@marmaro.de
date Fri, 23 Jul 2010 11:18:20 +0200
parents 8cddc65765bd
children 9397d10fd771
--- a/man/masqmail.route.5	Fri Jul 23 10:57:53 2010 +0200
+++ b/man/masqmail.route.5	Fri Jul 23 11:18:20 2010 +0200
@@ -80,7 +80,7 @@
 after opening the connection.
 Instead it says EHLO right away (ESMTP is assumed).
 Use this option with wrappers that eat the 220 greeting of the SMTP server.
-Common examples are STARTTLS wrappers, like `openssl -starttls smtp ...'.
+Common examples are STARTTLS wrappers, like `openssl s_client -starttls smtp ...'.
 
 If this option is set and a 220 greeting is received though,
 everything should still work.
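Review bot: The option in the added line `openssl s_client -starttls smtp ...' is written with a bare hyphen, while the wrapper examples further down in this file escape theirs (\-quiet, \-connect). Write it as \-starttls here too, so the rendered page shows a literal minus that can be copied into a shell.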
@@ -188,8 +188,9 @@
 the local parts (the keys) are separated from the addresses (the values) by colons (`:').
 
 Example:
-
+.nf
 map_h_from_addresses = "john: John Smith <jsmith@mail.academic.edu>; charlie: Charlie Miller <cmiller@mx.commercial.com>"
+.fi
 
 You can use patterns, eg. * as keys.
 
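Review bot: Inside the new .nf/.fi block the map_h_from_addresses example is one line well over 80 characters, and no-fill mode will not wrap it, so it runs past the right margin on a standard terminal. Shorten the example (for instance shorter sample addresses) or check how it renders at 80 columns; the same applies to the map_return_path_addresses example in the next hunk.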
@@ -214,8 +215,9 @@
 The most important difference is that RFC 821 addresses have no full name.
 
 Example:
-
+.nf
 map_return_path_addresses = "john: <jsmith@mail.academic.edu>; charlie: <cmiller@mx.commercial.com>"
+.fi
 
 You can use patterns, eg. * as keys.
 
@@ -275,17 +277,24 @@
 \fIcommand\fR will be called and all traffic will be piped to its stdin and from its stdout.
 Purpose is to tunnel ip traffic, eg. for ssl.
 
-Example for ssl tunneling:
+Example for SMTP over SSL tunneling:
+.nf
+wrapper="/usr/bin/openssl s_client \-quiet \-connect mail.gmx.net:465 2>/dev/null"
+.fi
 
-wrapper="/usr/bin/openssl s_client \-quiet \-connect mail.gmx.net:465 2>/dev/null"
+SMTP over SSL is supported since masqmail-0.1.8.
+It is marked obsolete by the IETF but is still in use.
+
 
-Note: The above line works with masqmail,
-but listening on Port 465 for SSL-encrypted connections is deprecated.
-The modern way is STARTTLS (RFC-3207).
-This could be covered by the following command.
-Unfortunately, masqmail doesn't support that yet (as of 0.2.25).
+Example for encryption with STARTTLS (RFC-3207):
+.nf
+# don't forget the instant_helo, otherwise it won't work
+instant_helo=true
+wrapper="/usr/bin/openssl s_client \-quiet \-starttls smtp \-connect mail.gmx.net:25 2>/dev/null"
+.fi
 
-wrapper="/usr/bin/openssl s_client \-quiet \-starttls smtp \-connect mail.gmx.net:25 2>/dev/null"
+This is supported since masqmail-0.2.28.
+STARTTLS supersedes SMTP over SSL.
 
 Note for openssl:
 Ensure that stderr is redirected.
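Review bot: Both wrapper examples in this hunk run openssl s_client with no certificate verification options, and with \-quiet plus 2>/dev/null a failed verification is neither fatal nor visible, so the tunnel is encrypted but the server is not authenticated. Consider adding \-verify_return_error (with \-CAfile or \-CApath where the default trust store is not suitable) to both examples, or say in the text that the examples do not verify the server certificate. Minor: the empty line added after "It is marked obsolete by the IETF but is still in use." leaves two consecutive blank lines before the STARTTLS example.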