Re: [Bulk] Re: tls proxy in front of spamd?

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Jussi Peltola

Subject: Re: [Bulk] Re: tls proxy in front of spamd?

Date: Wednesday, May 5, 2010 - 5:21 pm

On Wed, May 05, 2010 at 07:27:46PM +0100, Kevin Chadwick wrote:
quoted text> Of course, if it's your mail server and clients you can use ips without
> dns have certficates tied to those ips and even block or monitor resets,
> none of which can be done with starttls and it is also a smaller window
> of opportunity. You can always reset the starttls too and man in the
> middle that, just one less opportunity.
> 

If it's your mail server and clients you can just force certificate
checking on the hosts you want to connect to with tls. Using a different
port adds no cryptographic security (authentication) at all, so it's
useless complexity.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: tls proxy in front of spamd?, Ted Unangst, (Tue May 4, 1:08 pm)

Re: tls proxy in front of spamd?, Hugo Villeneuve, (Tue May 4, 5:57 pm)

Re: tls proxy in front of spamd?, Kevin Chadwick, (Wed May 5, 1:46 am)

Re: tls proxy in front of spamd?, Peter N. M. Hansteen, (Wed May 5, 3:18 am)

Re: tls proxy in front of spamd?, Kevin Chadwick, (Wed May 5, 7:30 am)

tls proxy in front of spamd?, Kevin Chadwick, (Wed May 5, 8:06 am)

Re: tls proxy in front of spamd?, Jussi Peltola, (Wed May 5, 8:41 am)

Re: [Bulk] Re: tls proxy in front of spamd?, Kevin Chadwick, (Wed May 5, 11:27 am)

Re: [Bulk] Re: tls proxy in front of spamd?, Jussi Peltola, (Wed May 5, 5:21 pm)

Re: tls proxy in front of spamd?, Chris Dukes, (Thu May 6, 10:00 am)

Re: [Bulk] Re: tls proxy in front of spamd?, Kevin Chadwick, (Wed May 12, 3:12 pm)


linux-kernel:
Ingo Molnar	Re: [PATCH 0/3] v2 Make hierarchical RCU less IPI-happy and add more tracing
Jeremy Fitzhardinge	Re: Linux 2.6.28.10 and Linux 2.6.29.6 XEN Guest Support Broken x86_64 in BUILD
Nick Piggin	Re: [patch] CFS (Completely Fair Scheduler), v2
Gary Hade	Re: [PATCH 0/5][RFC] Physical PCI slot objects
Dave Johnson	Re: expected behavior of PF_PACKET on NETIF_F_HW_VLAN_RX device?
linux-netdev:
Arnd Bergmann	Re: 64-bit net_device_stats
Stephens, Allan	RE: [PATCH]: tipc: Fix oops on send prior to entering networked mode
frank.blaschka	[patch 3/5] [PATCH] qeth: support z/VM VSWITCH Port Isolation
Wu Fengguang	Re: [PATCH] dm9601: handle corrupt mac address
David Miller	Re: [PATCH net-2.6.24] Fix refcounting problem with netif_rx_reschedule()
git:
Junio C Hamano	Re: [PATCH] [RFC] add Message-ID field to log on git-am operation
Junio C Hamano	Re: Handling large files with GIT
Karl	Re: [ANNOUNCE] pg - A patch porcelain for GIT
Josh Triplett	Re: [RFC][PATCH 00/10] Sparse: Git's "make check" target
Pierre Habouzit	Re: [PATCH] git-daemon: more powerful base-path/user-path settings, using formats.
git-commits-head:
Linux Kernel Mailing List	MIPS: RBTX4939: Fix IOC pin-enable register updating
Linux Kernel Mailing List	regulator: update email address for Liam Girdwood
Linux Kernel Mailing List	[SCSI] ipr: add message to error table
Linux Kernel Mailing List	powerpc/32: Wire up the trampoline code for kdump
Linux Kernel Mailing List	USB: omap_udc: sync with OMAP tree
openbsd-misc:
Josh Grosse	Re: error : pkg add phpMyAdmin
Brian Candler	Re: OBSD's perspective on SELinux
Jacob Meuser	Re: /dev/audio: Device busy
David Vasek	Re: Inexpensive, low power, "wall wart" computer
William Boshuck	Re: Richard Stallman...