Re: [Exim] TLS (SSL) enabled = TLS (SSL) mandated???

On Thu, 11 Oct 2001 21:57:03 -0400, Tabor Wells wrote:

>On Thu, Oct 11, 2001 at 05:56:19PM -0700,
>Chris Seberino <seberino@???> is thought to have said:

>> If I enable TLS support in Local/Makefile does that
>> mean Exim will NOT work if someone tries to send/receive
>> email from/to remote machine that does NOT have TLS (SSL)???

>Not unless you specifically configure it to be that way. By default if you
>compile in TLS support exim will attempt to use SSL when another host
>advertises STARTTLS. Likewise you can also configure your server to
>advertise STARTTLS. Read chapter 38 of the Exim specification for details.

additionally, once TLS is enabled, you will need to watch the log
files for the occasional instance where the host on the other end of
the connection advertises it but then wanders off into lala land. i've
seen a couple of these; you need to special case these hosts with
host_avoid_tls on the remote_smtp transport

>> Fetchmail also has TLS (SSL) support. It would almost
>> be nice if it was mandated so I would know if all
>> my email was private.

>You really can't know that. Well, unless you only send email to yourself
>on a completely closed system. And even then I wouldn't be so sure. :)

really. from a security point of view, SMTP over TLS is fairly lame,
for any number of reasons that are not easily dealt with. if it's that
important to you, look at PGP or S/MIME solutions.

richard