[Exim] Re: TLS Problem

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Suresh Ramasubramanian
Datum:  
To: exim-users
Betreff: [Exim] Re: TLS Problem
+++ Matthew Byng-Maddick [exim-users] <27/12/01 22:51 +0000>:
> My argument is that, just because a host says in the EHLO banner line
> 250-STARTTLS that you shouldn't assume you can do TLS to it. The reason
> for this is that TLS includes all sorts of other requirements which cannot
> be communicated in-band in SMTP, for example client certificates. Therefor
> an outbound mailer *SHOULD NOT* be configured to do TLS to any host that
> advertises the STARTTLS feature.


I disagree. You mean that

1. Either your host should be psychic

or

2. You compile an (ever growing) list of hosts to which you _should_ do TLS

Simpler to specifically exempt those which do offer STARTTLS but implement it
brokenly, as exim does now.

> Your argument, that any host which advertises TLS should allow me to
> establish a TLS connection is rather like saying "just because a host
> allows me to do SMTP AUTH, I should send it my username and password,
> just in case".


So, taking that argument ahead, even if a host advertises ESMTP in its
banner, you'd send a HELO and talk SMTP to it?

    -srs


--
Suresh Ramasubramanian <----> mallet <at> efn dot org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin