Re: [Exim] STARTTLS Error

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Toshio Kumagai
Data:  
Para: David Saez Padros
CC: Philip Hazel, exim-users
Asunto: Re: [Exim] STARTTLS Error
Hi David,

David Saez Padros wrote:
>
> Hi !!
>
> >         I may be able to receive your e-mail over SMTP/TLS
> >         if your credential for MX have been registered on
> >         various CAs.

>
> My or your certificate ?? As I know Exim just uses the certificate
> for end-to-end encryption, it does not check with any CA (??)


    If you are interested only in encryption, no need
    for TLS certificate verification.
    From your original post, the peer (mauimail.com) did
    not provide server certificate to you.


    BTW Philip, How does exim verify CA-signed certificate
    without rootCA certificate ?
    I think certificate verification is not OpenSSL matter.
    Sorry about it because I don't know well about it.

>
> >         I have only relf-signed credential at this moment
> >         because I don't have such $$$ for my MX.

>
> Me too.


    Toooooooooo EXXXXXXXXXpensive for us :-(

>
> >         IMHO, retry w/o TLS is not required on failure
> >         of TLS session.

>
> But, after all retries has done without success the message is not
> delivered, so NO message will be delivered to that server using TLS
> which is not a very good situation unless one of the ends takes some
> measures.


    For what purpose do you use TLS ?
    If your requirement is to encrypt e-mail messages,
    exposing e-mail messages is much worse than undelivered,
    IMHO.


    My interest is in authentication of the connection.
    Encryption can be made with another way on apllication
    layer, such as PGP.


    Sorry for my terrible English...

>
> --


-- 
  Toshio Kumagai    (Toshio_Kumagai@???), Japan