From: Charles Swiger
To: freebsd-questions@freebsd.org
Date: Tue, 3 Jun 2003 17:30:59 -0400
Subject: Re: secure SMTP and cygnus-sasl handling

On Tuesday, June 3, 2003, at 05:08 PM, admin wrote:

> well I am a little new at the stunnel/secure SMTP options here so
> pardon the simple question. But I am reviewing all the documentation
> but can't seem to figure out the answer here. I am using cygnus-sasl
> as the method of SMTP authentication.

"cyrus-sasl"...?

> I am using stunnel to map from port 465 to port 25 for SMTP
> authentication. but I want to make it so users going directly to
> port 25 cannot authenticate. their only option is authenticate
> through port 465 via stunnel.

Have a firewall block port 25 to this mail server, and only permit the
users to talk to 465. Of course, you are running stunnel on the mail
server or its local network, right?

> are there other applications that I need to consider here?

Sendmail will do STARTTLS if both sides support it, and you can even
configure things to not permit plain text authentication (AUTH LOGIN)
unless TLS/SSL has been negotiated.

--
-chuck
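
A check for the policy described in the reply above (no plain text AUTH until TLS/SSL has been negotiated), as an added example that is not part of the original message: it compares a server's EHLO reply before STARTTLS with the one after it. The hostnames and sample replies are constructed, and `parse_ehlo` and `audit` are hypothetical helper names.

```python
import re

# SASL mechanisms that send the password unencrypted (base64 only).
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Map each ESMTP keyword in a 250 EHLO reply to its set of parameters."""
    exts = {}
    for line in reply.strip().splitlines()[1:]:   # line 0 is the greeting
        m = re.match(r"250[- ](\S.*)$", line.strip())
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        text = m.group(1).upper()
        if text.startswith("AUTH="):              # legacy "AUTH=LOGIN PLAIN" form
            text = "AUTH " + text[5:]
        keyword, *params = text.split()
        exts.setdefault(keyword, set()).update(params)
    return exts

def audit(pre_tls_reply, post_tls_reply):
    """Return policy findings; an empty list means the server passes."""
    pre, post = parse_ehlo(pre_tls_reply), parse_ehlo(post_tls_reply)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered on the cleartext session")
    exposed = sorted(pre.get("AUTH", set()) & PLAINTEXT_MECHS)
    if exposed:
        findings.append("cleartext AUTH offered before TLS: " + " ".join(exposed))
    if "AUTH" not in post:
        findings.append("no AUTH offered after TLS")
    return findings

# Constructed sample EHLO replies (not captured from a real server).
WEAK_PRE = """250-mail.example.org Hello client.example.org
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-STARTTLS
250 HELP"""
GOOD_PRE = """250-mail.example.org Hello client.example.org
250-STARTTLS
250 HELP"""
POST_TLS = """250-mail.example.org Hello client.example.org
250-AUTH LOGIN PLAIN
250 HELP"""

if __name__ == "__main__":
    for name, pre in (("weak", WEAK_PRE), ("hardened", GOOD_PRE)):
        print(name, audit(pre, POST_TLS) or "ok")
```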