On Thu, Jun 16, 2005 at 12:18:17AM +0800, Wenzhuo Zhang wrote: > The Postfix smarthost allows relay only if clients successfully > authenticate (SMTP AUTH) through a TLS session. If it's a plain-text > session, SMTP clients won't be able to authenticate. The SSL certficate > of the smarthost is signed by a do-it-yourself CA. > > exim4 client can relay through the smarthost, and I have the following > entries in /etc/exim4/exim4.conf.localmacros: > > MAIN_TLS_VERIFY_CERTIFICATES = /etc/exim4/cacert.crt > MAIN_TLS_VERIFY_HOSTS = mail.linux-vs.org > > /etc/exim4/cacert.crt is the certificate of the do-it-yourself CA. > However, even after I replace it with a random authorized CA certificate > and restart the exim4 daemon, the exim4 client can still relay through > the smarthost. > > Isn't tls_verify_certificates supposed to verify the server certificate > as well?
It should. However, that code is not very well tested. Can you give me an SMTP AUTH account on the smarthost to try it myself? Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
