Mercurial > masqmail
diff man/masqmail.route.5 @ 223:9814e75de61c
updated docs to STARTTLS wrappers
| author | meillo@marmaro.de |
|---|---|
| date | Fri, 23 Jul 2010 11:18:20 +0200 |
| parents | 8cddc65765bd |
| children | 9397d10fd771 |
line wrap: on
line diff
--- a/man/masqmail.route.5 Fri Jul 23 10:57:53 2010 +0200 +++ b/man/masqmail.route.5 Fri Jul 23 11:18:20 2010 +0200 @@ -80,7 +80,7 @@ after opening the connection. Instead it says EHLO right away (ESMTP is assumed). Use this option with wrappers that eat the 220 greeting of the SMTP server. -Common examples are STARTTLS wrappers, like `openssl -starttls smtp ...'. +Common examples are STARTTLS wrappers, like `openssl s_client -starttls smtp ...'. If this option is set and a 220 greeting is received though, everything should still work. @@ -188,8 +188,9 @@ the local parts (the keys) are separated from the addresses (the values) by colons (`:'). Example: - +.nf map_h_from_addresses = "john: John Smith <jsmith@mail.academic.edu>; charlie: Charlie Miller <cmiller@mx.commercial.com>" +.fi You can use patterns, eg. * as keys. @@ -214,8 +215,9 @@ The most important difference is that RFC 821 addresses have no full name. Example: - +.nf map_return_path_addresses = "john: <jsmith@mail.academic.edu>; charlie: <cmiller@mx.commercial.com>" +.fi You can use patterns, eg. * as keys. @@ -275,17 +277,24 @@ \fIcommand\fR will be called and all traffic will be piped to its stdin and from its stdout. Purpose is to tunnel ip traffic, eg. for ssl. -Example for ssl tunneling: +Example for SMTP over SSL tunneling: +.nf +wrapper="/usr/bin/openssl s_client \-quiet \-connect mail.gmx.net:465 2>/dev/null" +.fi -wrapper="/usr/bin/openssl s_client \-quiet \-connect mail.gmx.net:465 2>/dev/null" +SMTP over SSL is supported since masqmail-0.1.8. +It is marked obsolete by the IETF but is still in use. + -Note: The above line works with masqmail, -but listening on Port 465 for SSL-encrypted connections is deprecated. -The modern way is STARTTLS (RFC-3207). -This could be covered by the following command. -Unfortunately, masqmail doesn't support that yet (as of 0.2.25). +Example for encryption with STARTTLS (RFC-3207): +.nf +# don't forget the instant_helo, otherwise it won't work +instant_helo=true +wrapper="/usr/bin/openssl s_client \-quiet \-starttls smtp \-connect mail.gmx.net:25 2>/dev/null" +.fi -wrapper="/usr/bin/openssl s_client \-quiet \-starttls smtp \-connect mail.gmx.net:25 2>/dev/null" +This is supported since masqmail-0.2.28. +STARTTLS supersedes SMTP over SSL. Note for openssl: Ensure that stderr is redirected.