Re: [Exim] host_certs_accept_relay ?

Author: Matthew Byng-Maddick
Date:  
To: exim-users
Subject: Re: [Exim] host_certs_accept_relay ?
On Thu, Oct 11, 2001 at 09:19:12AM +0100, Philip Hazel wrote:
> On Wed, 10 Oct 2001, Matthew Byng-Maddick wrote:
> > Will exim4 fix the problem of systems that try and do STARTTLS if they see
> > it in the EHLO extras list, that they try and set up a secure connection,
> > and don't present a certificate, such that the setup fails, but the normal
> > SMTP dialogue can't be resumed causing the message to suffer a temporary
> > error.
> If the setting up of an encrypted session fails, there isn't much you can
> do because the session is in an unknown state.


Sure.

> > Ie, will exim4 actually say, ok. you have a secure connection, but
> > I don't actually know anything about you, so you can't do the relay bit of
> > the SMTP ACL?
> Yes.


This was more the answer I was looking for.

> Exim 4 does indeed solve this problem (as a server). It can be
> configured with "ask the client for a certificate, but if the client
> doesn't provide a certificate, or if the certificate doesn't match what
> you expect, still carry on with the encrypted session". You can then
> test for this state of affairs in the ACL.


Oh cool. That's exactly what I wanted to hear. :-) It means I don't have
to have my current horrid hack :-)

MBM

-- 
Matthew Byng-Maddick         <mbm@???>           http://colondot.net/
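
An added illustration of the server behaviour described in the reply quoted above; it is not part of the original message and not the Exim project's own configuration. The option and condition names are those of released Exim 4, which the message does not spell out, and the file paths and the local_domains list are placeholders assumed for the example.

```conf
# Main configuration section. Paths are placeholders.
domainlist local_domains = @

tls_advertise_hosts     = *
tls_certificate         = /path/to/server-cert.pem
tls_privatekey          = /path/to/server-key.pem
# CA(s) whose client certificates are allowed to earn relay rights.
tls_verify_certificates = /path/to/relay-client-ca.pem

# Strict form, left commented out: a client that offers no certificate,
# or one that does not verify, has its TLS session aborted. This is the
# failure case the thread starts from.
# tls_verify_hosts = *

# Tolerant form: ask every client for a certificate, but carry on with
# the encrypted session if none is offered or it does not verify.
tls_try_verify_hosts = *

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Mail for our own domains is accepted with or without a certificate.
  accept  domains   = +local_domains

  # Relay only when the session is encrypted AND the client certificate
  # verified against tls_verify_certificates.
  accept  encrypted = *
          verify    = certificate

  # Encrypted but unverified clients, and plaintext clients, end up here.
  deny    message   = relay not permitted
```

Because `verify = certificate` succeeds for any certificate that chains to a CA in `tls_verify_certificates`, that file should contain only a CA issued for your own relay clients, not a general public CA bundle.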