Anonymous Servers - Re: Re: problem with stunnel - keeping Parsifal remailer from returning


Author Re: Re: problem with stunnel - keeping Parsifal remailer from returning
Italy Anonymous Remailer

2005-04-21, 5:45 pm

In article <BAYC1-PASMTP0156424F3F7B454E2E489ADB2C0@cez.ice>
Admin <admin@parsifal.weedns.com> wrote:
>
> On Thu, 21 Apr 2005 13:32:16 +0000, Anonymous wrote:
>
>
> That's almost worth a smile.
>
> Several people have offered help, including the suggestion to use stunnel.
> I found that stunnel allows for pop, but the smtp problem is tougher. It
> seems it has something to do with the fact that the isp uses tls, and it
> looks like stunnel doesn't work with that.
>
> One interesting suggestion was to use port 25 in stunnel instead of 465.
> In other words, not to do any port conversion. There was some highly
> technical reason for doing that; in any case, it didn't work either, and,
> from reading the discussion that looking up the error message led to, it
> seems that stunnel won't work with tls.


If you use port 25 and TLS (which stunnel won't do) then you are
trusting the ISP with the data. TLS just prevents interception
between you and the ISP. If you are prepared to accept that (and
I would), why not just use the ISP as smarthost in the clear
anyway?

> As an additional kludge, I'm wondering if something like Pegasus mail, the
> complementary mail client to the mercury mail server, can do the job of
> using tls. I'm wondering about that, because Pegasus allows for the same
> type of 'folder' - can't think of the correct term, that mercury uses. So
> that if pegasus can be used for the smtp, then mercury can do the
> filtering and redirecting of messages, passing the output to Pegasus for
> writing out.


Mercury can do TLS (and SSL) itself. No need to use Pegasus mail
(which wouldn't be the right program to use anyway, as it's not
an MTA).

> If this 'tls' thing is really the latest wrinkle in the ssl family, then
> stunnel, and other port conversion utilities, will undoubtedly incorporate
> it, probably sooner than later.
>
> I'll be back.


TLS relies upon a regular SMTP connection being formed first and
then TLS is incorporated into the connection. SMTPS (SSL on port
465) is becoming redundant, even though it is slightly more
secure as it prevents man-in-the-middle type attacks that TLS is
theoretically vulnerable to.

stunnel causes encryption at the outset of the connection -
which is why TLS won't work with it but SSL will.

Just use the ISP's smarthost and continue. Set up Mercury to use
TLS/SSL when available, fall back to port 587 / 2525 and finally
fall back to port 25 of the ISP smarthost (with TLS or not).
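
The difference the reply above describes between SSL on port 465 and TLS started inside an already open SMTP session, as an added Python example that is not part of the original post. The EHLO replies are constructed sample data, and `ehlo_extensions`, `choose_transport` and `open_smarthost` are hypothetical helper names.

```python
import smtplib
import ssl

# Constructed EHLO replies (sample data, not captured from a real server).
EHLO_WITH_STARTTLS = ("250-mail.example.net\r\n250-SIZE 10240000\r\n"
                      "250-STARTTLS\r\n250 AUTH PLAIN LOGIN\r\n")
EHLO_WITHOUT_STARTTLS = ("250-mail.example.net\r\n250-SIZE 10240000\r\n"
                         "250 AUTH PLAIN LOGIN\r\n")


def ehlo_extensions(reply):
    """Return the lowercased extension keywords of a 250 EHLO reply."""
    lines = [l for l in reply.splitlines() if l.startswith("250")]
    # The first 250 line is the server's greeting, not an extension.
    return {l[4:].split()[0].lower() for l in lines[1:] if l[4:].strip()}


def choose_transport(port, extensions, require_tls=True):
    """Pick the protection for a smarthost session (hypothetical policy)."""
    if port == 465:
        # TLS handshake precedes every SMTP byte; a wrapper can provide it.
        return "implicit-tls"
    if "starttls" in extensions:
        # Session starts in the clear, then upgrades in-band.
        return "starttls"
    if require_tls:
        # The keyword is sent before encryption, so an on-path device can
        # remove it; refuse instead of silently sending in the clear.
        raise RuntimeError("STARTTLS not offered; refusing plaintext")
    return "plaintext"


def open_smarthost(host, port, require_tls=True):
    """Open a session per choose_transport (needs network access)."""
    ctx = ssl.create_default_context()  # verifies certificate and hostname
    if port == 465:
        return smtplib.SMTP_SSL(host, port, context=ctx, timeout=30)
    conn = smtplib.SMTP(host, port, timeout=30)
    try:
        conn.ehlo()
        mode = choose_transport(port, set(conn.esmtp_features), require_tls)
        if mode == "starttls":
            conn.starttls(context=ctx)
            conn.ehlo()  # re-read capabilities over the encrypted channel
    except Exception:
        conn.close()
        raise
    return conn
```

Passing `require_tls=False` gives the opportunistic behaviour, where a session without STARTTLS proceeds in the clear.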