On Sun, Oct 14, 2001 at 01:55:27AM -0500,
Hanasaki JiJi <hanasaki@???> is thought to have said:
> The docs seem to state that SMTP over SSL is basically an open relay to
> MTA that talks to my server with SSL. Is this a correct interpretation?
> Is there a fix coming soon?
> Thanks.
Could you please quote the part of the docs that suggest this?
I think this part of section 38.1 in the exim specifications is pretty
clear:
---snip---
You can permit client hosts to relay, provided they are in a TLS session,
by setting tls_host_accept_relay. Note that all the host relay checks are
alternatives. Relaying is permitted if any of the checks is passed, that
is, if
The host matches host_accept_relay, OR
The host is authenticated and matches host_auth_accept_relay OR
The host is using a TLS session and matches tls_host_accept_relay.
Using tls_host_accept_relay probably makes sense only if you are checking
the client's certificate.
---snip---
but perhaps there's an ambiguity somewhere else that needs to be
corrected.
Tabor
--
--------------------------------------------------------------------
Tabor J. Wells twells@???
Fsck It! Just another victim of the ambient morality
