Forum OpenACS Development: Re: SMTPS for outgoing mails

Posted by Gustaf Neumann on
AFIKT, the smtp support in the most actual tcllib (1.17) together with the most actual version of libtls (1.6.7) work fine. It supports e.g. the on-the-fly upgrade of plain text connections (port 25) to tls connections via STARTTLS. This is not suitable in cases, where you have more the 1024 concurrent open connections, in which case tcl-async io will break on most systems, due to select() limitations. We use the tcllib module with libtls in production (sending several 1000 mails per day).

The NaviServer smtp module does currently not help, since it supports currently only plain text. I have no experience with the nginx module, but both approaches require integration with acs-mail-lite.

Posted by Antonio Pisano on
Another approach I have applied with success is to configure ACS Mail Lite to just send mail to the local smtp server (postfix or exim in my case) and let it deal with the actual sending, to a relay or by its own, and supporting encryption.

This was suggested by Maurizio Martignano some time ago, and looked like a good idea, because it moves the problem from the application to plain system administration.

Posted by Cesareo Garci­a Rodicio on
Hi Michael

I'm using postfix too as local smtp server and TLS tested[1]. So if your client are allowed to admin an email server I think that's the best option


Posted by Michael Aram on
I ended up with the configuration you mentioned: OpenACS delivers to localhost:25, where a Postfix that is configured as a "satellite" forwards it to an SMTP server.

(I did not manage to get tcllib/tlctls to work with the client's mailserver, most probably because of issues with their "custom" certificate chain; connection testing via openssl and gnutls did work in the end, but only when pointing them to the right certificate etc... Anyhow, as using Postfix with all its bells and whistles seemed to me as the more convenient option anyway (one can easily inspect the mailqueue, has nice logging of the mailserver-communication, etc...), I decided to not go further down the tcllib road.)

Thank you all for your input!