5 messages in net.sourceforge.lists.courier-users: [courier-users] Re: Disabling STARTTLS advertising

From / Sent On / Attachments:
Moshe Gurvich - Jun 2, 2003 9:54 am
Sam Varshavchik - Jun 2, 2003 10:50 am
Moshe Gurvich - Jun 2, 2003 12:13 pm
Anand Buddhdev - Jun 2, 2003 12:47 pm
Sam Varshavchik - Jun 2, 2003 1:23 pm
Subject: [courier-users] Re: Disabling STARTTLS advertising
From: Sam Varshavchik (mrs@courier-mta.com)
Date: Jun 2, 2003 1:23:48 pm
List: net.sourceforge.lists.courier-users

Moshe Gurvich writes:

Ok, there are many mail servers that have misconfigured TLS, such as:

Jun 1 10:58:52 mail courieresmtpd: error,relay=::ffff:12.111.218.57,msg="540 TLS not available.",cmd: STARTTLS
Jun 1 05:06:58 www courieresmtp: id=0015C0F0.3ED65EC2.00006657,from=<***@***>,addr=<***@thecitysource.com>: 454 TLS not available: missing certificate (#4.3.0)
Jun 1 06:01:17 www courieresmtp: id=003B831E.3ED389FE.00002EE7,from=<***@***>,addr=<***@kznetworks.com>: 454 TLS not available: missing RSA private key (#4.3.0)

My question is: Is it possible to disable trying to negotiate TLS with any remote host?

You are confusing two completely separate and different things:

TLS for incoming connections, and TLS for outgoing connections.

TLS configuration for incoming connections is set in the esmtpd configuration file.

TLS configuration for outgoing connections is set in the courierd configuration file.

The first log entry shows that TLS is indeed disabled by the ESMTP server, for incoming connections. The first log entry, above, rejects the remote server's STARTTLS command because, indeed, you have disabled STARTTLS for incoming connections.

You have not disabled TLS for outgoing connections, so the server attempts to use STARTTLS with remote hosts that claim to support it. Certain mail relays are misconfigured so that they advertise STARTTLS availability, but then break when their bluff is called, and the sender requests STARTTLS.

This way hosts that advertise TLS but don't support it won't break the smtp sessions.

----- Original Message -----
From: "Sam Varshavchik" <mrs@courier-mta.com>
To: <cour@lists.sourceforge.net>
Sent: Monday, June 02, 2003 10:39 AM
Subject: [courier-users] Re: Disabling STARTTLS advertising

Moshe Gurvich writes:


Hi, I'm trying to disable STARTTLS advertising in SMTP session.

In etc/esmtpd it says that "courieresmtpd will automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE and COURIERTLS exist."

I removed TLS_CERTFILE and COURIERTLS from esmtpd and esmtpd-ssl. It still advertises 250-XSECURITY=NONE,STARTTLS

This is not STARTTLS.

How can I disable it?

There's nothing to disable.
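To make the incoming/outgoing distinction from the reply above concrete, here is an added Python script (not code from the thread or from Courier) that sorts Courier log lines of the two shapes Moshe quoted: courieresmtpd rejections of a client's STARTTLS (the esmtpd side, expected once incoming STARTTLS is off) versus courieresmtp "454 TLS not available" failures toward a remote MX (the courierd side). The sample log lines are constructed from those formats with documentation addresses; the regexes assume the exact field layout shown in the quoted lines.

```python
"""Split Courier TLS log lines into incoming (courieresmtpd) and
outgoing (courieresmtp) STARTTLS failures and count them per peer."""
import re
from collections import Counter

# Incoming: courieresmtpd refused a remote client's STARTTLS command.
INCOMING = re.compile(
    r'courieresmtpd: error,relay=(?P<relay>[^,]+),'
    r'msg="(?P<msg>[^"]*)",cmd: STARTTLS')
# Outgoing: courieresmtp could not complete STARTTLS with a remote MX.
# "courieresmtp: " (colon right after) does not match courieresmtpd lines.
OUTGOING = re.compile(
    r'courieresmtp: id=(?P<id>[^,]+),from=<[^>]*>,addr=<[^@>]*@(?P<domain>[^>]+)>: '
    r'(?P<code>\d{3}) (?P<msg>TLS not available[^(]*)')


def classify(line):
    """Return ('incoming', relay, msg), ('outgoing', domain, msg) or None."""
    m = INCOMING.search(line)
    if m:
        return ('incoming', m.group('relay'), m.group('msg'))
    m = OUTGOING.search(line)
    if m:
        return ('outgoing', m.group('domain'), m.group('msg').strip())
    return None


def summarize(lines):
    """Count TLS failures per direction and per peer.
    Outgoing domains are the remote MXs whose advertised STARTTLS breaks;
    incoming relays are clients refused by the local esmtpd."""
    summary = {'incoming': Counter(), 'outgoing': Counter()}
    for line in lines:
        hit = classify(line)
        if hit:
            direction, peer, _ = hit
            summary[direction][peer] += 1
    return summary


# Constructed sample lines in the formats quoted in the thread (not real hosts).
SAMPLE_LOG = [
    'Jun 1 10:58:52 mail courieresmtpd: error,relay=::ffff:192.0.2.10,msg="540 TLS not available.",cmd: STARTTLS',
    'Jun 1 05:06:58 www courieresmtp: id=0015C0F0.3ED65EC2.00006657,from=<a@example.org>,addr=<b@example.net>: 454 TLS not available: missing certificate (#4.3.0)',
    'Jun 1 06:01:17 www courieresmtp: id=003B831E.3ED389FE.00002EE7,from=<a@example.org>,addr=<c@example.com>: 454 TLS not available: missing RSA private key (#4.3.0)',
    'Jun 1 06:02:00 www courieresmtp: id=003B831F.3ED389FF.00002EE8,from=<a@example.org>,addr=<d@example.net>: 454 TLS not available: missing certificate (#4.3.0)',
    'Jun 1 06:03:00 www courieresmtp: id=003B8320.3ED38A00.00002EE9,from=<a@example.org>,addr=<e@example.net>: 250 Ok',
]

if __name__ == '__main__':
    s = summarize(SAMPLE_LOG)
    for direction in ('incoming', 'outgoing'):
        for peer, n in s[direction].most_common():
            print(f'{direction:9} {peer:20} {n}')
```

Run against a real mail log, the outgoing counts show which remote domains keep failing STARTTLS, which is the set that turning off outgoing TLS in the courierd configuration would affect.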