1.1 --- a/man/masqmail.route.5	Fri Jul 23 10:57:53 2010 +0200
     1.2 +++ b/man/masqmail.route.5	Fri Jul 23 11:18:20 2010 +0200
     1.3 @@ -80,7 +80,7 @@
     1.4  after opening the connection.
     1.5  Instead it says EHLO right away (ESMTP is assumed).
     1.6  Use this option with wrappers that eat the 220 greeting of the SMTP server.
     1.7 -Common examples are STARTTLS wrappers, like `openssl -starttls smtp ...'.
     1.8 +Common examples are STARTTLS wrappers, like `openssl s_client -starttls smtp ...'.
     1.9  
    1.10  If this option is set and a 220 greeting is received though,
    1.11  everything should still work.
    1.12 @@ -188,8 +188,9 @@
    1.13  the local parts (the keys) are separated from the addresses (the values) by colons (`:').
    1.14  
    1.15  Example:
    1.16 -
    1.17 +.nf
    1.18  map_h_from_addresses = "john: John Smith <jsmith@mail.academic.edu>; charlie: Charlie Miller <cmiller@mx.commercial.com>"
    1.19 +.fi
    1.20  
    1.21  You can use patterns, eg. * as keys.
    1.22  
    1.23 @@ -214,8 +215,9 @@
    1.24  The most important difference is that RFC 821 addresses have no full name.
    1.25  
    1.26  Example:
    1.27 -
    1.28 +.nf
    1.29  map_return_path_addresses = "john: <jsmith@mail.academic.edu>; charlie: <cmiller@mx.commercial.com>"
    1.30 +.fi
    1.31  
    1.32  You can use patterns, eg. * as keys.
    1.33  
    1.34 @@ -275,17 +277,24 @@
    1.35  \fIcommand\fR will be called and all traffic will be piped to its stdin and from its stdout.
    1.36  Purpose is to tunnel ip traffic, eg. for ssl.
    1.37  
    1.38 -Example for ssl tunneling:
    1.39 +Example for SMTP over SSL tunneling:
    1.40 +.nf
    1.41 +wrapper="/usr/bin/openssl s_client \-quiet \-connect mail.gmx.net:465 2>/dev/null"
    1.42 +.fi
    1.43  
    1.44 -wrapper="/usr/bin/openssl s_client \-quiet \-connect mail.gmx.net:465 2>/dev/null"
    1.45 +SMTP over SSL is supported since masqmail-0.1.8.
    1.46 +It is marked obsolete by the IETF but is still in use.
    1.47  
    1.48 -Note: The above line works with masqmail,
    1.49 -but listening on Port 465 for SSL-encrypted connections is deprecated.
    1.50 -The modern way is STARTTLS (RFC-3207).
    1.51 -This could be covered by the following command.
    1.52 -Unfortunately, masqmail doesn't support that yet (as of 0.2.25).
    1.53  
    1.54 +Example for encryption with STARTTLS (RFC-3207):
    1.55 +.nf
    1.56 +# don't forget the instant_helo, otherwise it won't work
    1.57 +instant_helo=true
    1.58  wrapper="/usr/bin/openssl s_client \-quiet \-starttls smtp \-connect mail.gmx.net:25 2>/dev/null"
    1.59 +.fi
    1.60 +
    1.61 +This is supported since masqmail-0.2.28.
    1.62 +STARTTLS supersedes SMTP over SSL.
    1.63  
    1.64  Note for openssl:
    1.65  Ensure that stderr is redirected.