On Tue September 4 2007 2:01:56 am Marc Haber wrote: > 2.2.1 says "Exim will use TLS via STARTTLS automatically as clint if > the server Exim connects to offers it." > > Would adding something like this help: > "This means that you won't need any special configuration if you want > to use TLS for outgoing mail. However, if your server wants to see a > client certificate, you need to amend your remote_smtp and/or > remote_smtp_smarthost transports with a tls_certificate option. The > certificate presented by the remote host is not checked unless you > specify a tls_verify_certificate option on the transport."
Yes, that would be an excellent addition. > It should just work. Using client certificates is secure, but kind of > exotic (I have never seen a mail system requiring client certificates > in the wild, and I see a number of new mail systems each day at work). It is used here for authentication for forwarding. It seems a nice alternative to SMTP AUTH or some other such thing, especially since client certificates can have built-in expiration dates. > An experienced user could have seen that a macro with a MAIN_ prefix > is probably not being used inside a transport, especially because all > other macros used in the remote_smtp(_smarthost) transports are > prefixe REMOTE_SMTP_. I may not be an experienced user, but it seemed that turning something on in MAIN would turn it on everywhere. I would also greatly appreciate a comment in the conf.d/main/ TLS file about this. -- John -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
