Walter Souto R. Junior wrote:
Hi,

I know that this thread is off-topic, so I am looking for some direction and I would like to thank everyone that can give some "light". I'll understand if it's not possible and not post again asking for this.


In the toaster we set up two run scripts for the pop protocol: one for pop3d and another for pop3ds. So, the pop3ds run script uses stunnel to create an encrypted tunnel between client and server. For smtp, which has the TLS patch, it's not necessary. You can obtain a secure connection with STARTTLS, right?


My question is: if I need for any reason two services, one with TLS/SSL (I'm confused about the differences between TLS and SSL) on port 465 and another without on port 25, then I don't need the TLS patch because I can set up my run file using stunnel for smtps like pop3ds. Is this correct? I assume that as clients work fine with pop3ds they will with smtps, right?

It's not clear to me. Maybe somebody with that experience can share some tips or point me to some reading... I have not had much luck with Google on that.

I believe SSL happens before the POP or SMTP protocol. TLS is usually started during the protocol, with the STARTTLS command.


I also think that the TLS patch for qmail-smtpd can recognize if the port is 465, and can do SSL instead, although I haven't tested it. Meaning, if you needed SSL for some reason, you may get away with just another instance of qmail-smtpd on that port, rather than getting stunnel involved.

Regards,

Bill
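
The ordering described in the reply above (handshake before the mail protocol on a wrapped port such as 465, versus a STARTTLS upgrade in the middle of a plaintext session) can be told apart from the first few messages of a connection. This is an added example, not part of the original thread or of the toaster's scripts; the function names, host names and sample transcripts are constructed for illustration.

```python
"""Classify how a mail session is secured from the order of its first messages."""

def is_client_hello(data: bytes) -> bool:
    # TLS record header: content type 0x16 (handshake), version major 0x03,
    # two length bytes, then handshake message type 0x01 (ClientHello).
    return len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01

def classify_session(messages):
    """messages: list of (sender, bytes); sender is "C" (client) or "S" (server).

    "implicit-tls": handshake before any protocol line (smtps/pop3s style port)
    "starttls": plaintext protocol first, then an accepted upgrade command
    "unexpected-handshake": handshake after plaintext without an accepted upgrade
    "plaintext": no handshake seen at all
    """
    seen_plaintext = upgrade_requested = upgrade_accepted = False
    for sender, data in messages:
        if sender == "C" and is_client_hello(data):
            if not seen_plaintext:
                return "implicit-tls"
            return "starttls" if upgrade_accepted else "unexpected-handshake"
        seen_plaintext = True
        line = data.strip().upper()
        if sender == "C":
            # STARTTLS is the SMTP command, STLS the POP3 equivalent.
            upgrade_requested = line in (b"STARTTLS", b"STLS")
            upgrade_accepted = False
        elif upgrade_requested:
            # SMTP accepts with "220 ...", POP3 with "+OK ...".
            upgrade_accepted = line.startswith((b"220", b"+OK"))
            upgrade_requested = False
    return "plaintext"

# Constructed sample data: a truncated ClientHello prefix and three transcripts.
CLIENT_HELLO = bytes.fromhex("160301002f01") + b"\x00" * 4
GREETING = [("S", b"220 mail.example.test ESMTP\r\n"),
            ("C", b"EHLO client.example.test\r\n"),
            ("S", b"250-mail.example.test\r\n250 STARTTLS\r\n")]
SMTPS_465 = [("C", CLIENT_HELLO)]
SMTP_STARTTLS = GREETING + [("C", b"STARTTLS\r\n"),
                            ("S", b"220 ready for tls\r\n"),
                            ("C", CLIENT_HELLO)]
SMTP_PLAIN = GREETING + [("C", b"MAIL FROM:<a@example.test>\r\n")]

if __name__ == "__main__":
    for name, t in [("465", SMTPS_465), ("25+STARTTLS", SMTP_STARTTLS), ("25", SMTP_PLAIN)]:
        print(name, classify_session(t))
```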
