Re: [vps-mail] SSL-secure SMTP on VPS / VPS1 blocked?

["Bennett Lanford" <ben@xxxxxxxxxxxxx>]

On Tue, January 18, 2005 1:15 pm, John Lock said:
> At 05:57 PM 1/18/2005 +0100, Godwin Stewart wrote:
>> > (However, because of the nature of the SMTP protocol, on the Internet
>> at
>> > large there is no guarantee that e-mail encrypted for one phase of its
>> > delivery will be encrypted at every step of its journey.)
>>
>>Exactly. The only way to achieve full encryption for the complete
>> delivery
>>chain is to encrypt the data at the source and to send that already
>>encrypted data over a normal connection.
>
> All true, and good information.  However, the major issue for me is to
> merely have the SMTP authorization conversation with the VPS encrypted.  9
> times out of 10, I don't care if the content is encrypted.  I just want to
> make sure the login info doesn't leak out.

That's all I use STARTTLS for on my servers. The tutorial at
http://www.technoids.org/starttlstut.html tells how to do that.

(SMTP AUTH *does* support encrypted methods. But M$'s Outlook Express
doesn't support encrypted SMTP AUTH. ... So using the plain text LOGIN
method that Microsoft supports, and tunneling through with STARTTLS and
self-signed certs gives you the encryption you need. In this case,
spending money for commercial certs is a waste of money, IMHO.)

-- 
Bennett Lanford <ben@xxxxxxxxxxxxx>

There are 10 kinds of people: those that understand binary and those that
don't.
======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).