On Sun, Jun 19, 2005 at 07:05:06AM +0800, Wenzhuo Zhang wrote:
> On Sat, Jun 18, 2005 at 10:59:37AM +0200, Marc Haber wrote:
> > As Andreas spotted correctly, conf.d/main/03_exim4-config_tlsoptions
> > only controls verification of the client certificates. For server
> > certificate checking, you need to add the configuration option to the
> > SMTP transport.
> >
> > I am reluctant to add infrastructure for this to the default
> > configuration, since this is quite rarely used, and could break mail
> > delivery.
>
> My personal experiences tell me that SMTP AUTH over TLS is a very common
> setup.

SMTP AUTH over TLS with actual verification of the server certificate is
not very common nowadays.

> > I have, however, clarified the documentation in
> > conf.d/main/03_exim4-config_tlsoptions to clearly say that this option
> > here only concerns client certificates and added a hint where to
> > configure server certificate verification.
>
> How about adding a macro, say MAIN_TLS_VERIFY_SMARTHOST, to
> conf.d/transport/30_exim4-config_remote_smtp_smarthost?

Where should the package automatically obtain the CA certificate to
verify the server against? How to handle the case of delivering to two
different smarthosts, one of them having a self-signed certificate?

You're suggesting to open a can of worms here.

Greetings
Marc

-- 
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
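
What a local administrator might add to the smarthost transport for server certificate verification, as an added example that is not part of the thread or of the Debian package. The host name and both CA file paths are constructed placeholders, and only the TLS-related lines are shown; they would be merged into the existing transport definition.

```exim
# Added example, not Debian's shipped configuration.
# mail-a.example.net and both file paths are constructed placeholders.
remote_smtp_smarthost:
  driver = smtp

  # Never fall back to clear text when talking to a smarthost.
  hosts_require_tls = *

  # Trust anchors for the *server* certificate. This transport option is
  # expanded for each connection with $host set to the server being
  # contacted, so two smarthosts can be checked against different files:
  # one signed by a public CA, the other presenting a self-signed
  # certificate that is pinned by shipping that certificate as its own
  # trust anchor.
  tls_verify_certificates = ${if eq{$host}{mail-a.example.net}\
      {/etc/ssl/certs/ca-certificates.crt}\
      {/etc/exim4/smarthost-b-selfsigned.pem}}

  # Available as an smtp transport option in newer Exim releases only
  # (an assumption about the installed version): treat a failed
  # verification as a failed connection for every host.
  tls_verify_hosts = *
```

The per-host trust file is the part a package cannot guess, which is the objection raised in the reply above: the values have to come from the administrator who knows which CA or certificate each smarthost uses.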