Hi David,
David Saez Padros wrote:
>
> Hi !!
>
> > I may be able to receive your e-mail over SMTP/TLS
> > if your credential for MX has been registered with
> > various CAs.
>
> My or your certificate ?? As far as I know, Exim just uses the certificate
> for end-to-end encryption, it does not check with any CA (??)
If you are interested only in encryption, there is no need
for TLS certificate verification.
From your original post, the peer (mauimail.com) did
not provide a server certificate to you.
BTW Philip, how does Exim verify a CA-signed certificate
without the root CA certificate?
I think certificate verification is not an OpenSSL matter.
Sorry about that, because I don't know much about it.
>
> > I have only a self-signed credential at this moment
> > because I don't have such $$$ for my MX.
>
> Me too.
Toooooooooo EXXXXXXXXXpensive for us :-(
>
> > IMHO, retry w/o TLS is not required on failure
> > of TLS session.
>
> But, after all retries have been made without success the message is not
> delivered, so NO message will be delivered to that server using TLS
> which is not a very good situation unless one of the ends takes some
> measures.
For what purpose do you use TLS?
If your requirement is to encrypt e-mail messages,
exposing e-mail messages is much worse than leaving them undelivered,
IMHO.
My interest is in authentication of the connection.
Encryption can be done another way at the application
layer, such as with PGP.
Sorry for my terrible English...
>
> --
--
Toshio Kumagai (Toshio_Kumagai@???), Japan