Re: [Exim] Re[3]: TLS Problem

Author: Marc MERLIN
Date:  
To: Matthew Byng-Maddick
CC: exim-users
Subject: Re: [Exim] Re[3]: TLS Problem
On Sat, Dec 29, 2001 at 12:03:00AM +0000, Matthew Byng-Maddick wrote:
> I'll answer you and Marc (who is obviously a clueless fuckwit, because he
> explicitly sent me a copy of the reply) in one go. The problem is that my
:-)
Guess what? You'll get another copy of the message here too, and you will
until you prepend a warning asking not to be Cced, or more simply, you
include a "Mail-Followup-To: exim-users@???" header.

> host *CAN* do TLS, but that you do not have the right credentials to
> establish a TLS session. Marc is wrong in assuming that you get any kind
> of error, you don't. The connection is just left in an undefined state,
You make bold claims, and I've had to debug connections with broken hosts
that advertised TLS and then couldn't support it.
They returned a 4xx error (in the hope that the sysadmin would fix
whatever prevented TLS from initializing).
I do not claim that no host will ever return a 5xx error, I simply do not
recall having seen any, but I'll state as a fact that several MTAs do
return 4xx in this case.

> where neither side knows whether to encrypt or send plaintext, because
> the receiver-smtp side didn't want to make the TLS connection. Therefore,
> by doing TLS to any host that advertises it, you lose, because your mail
> sits in the queue and attempts to set up the same TLS connection with the
> same inappropriate or incomplete credentials, and fails again.
Sorry but while you seem to know how to do name calling, you do not seem to
know what you are talking about.

> Oh, sure, sorry, this is fine, I'm not saying this is dorkish. What I
> am, however, complaining about is the inability to see why randomly using
> TLS to any host that advertises that it can do the STARTTLS command is
> a problem.
BTW, not that I'd want to support what I write with facts and numbers, but
sourceforge.net sends about 500k messages a day to people all over the
internet (more than 300k distinct addresses). It will do TLS with anyone
that advertises it. I think we get one or two tickets a month about hosts
that advertise TLS and then fail to perform. They usually get fixed soon
afterwards.

I have no plans to continue this discussion further BTW

Marc
--
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking


Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key
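The disagreement in this thread is about what a sending MTA should do when a receiver advertises STARTTLS and then cannot (or will not) complete the upgrade. The following is an added example, not code from the post above and not Exim's own implementation: a small Python client-side state machine for the EHLO/STARTTLS exchange, following RFC 3207's reply codes (220 means proceed with the handshake, 454 is the defined temporary refusal, 5xx is permanent). The peers, reply strings, policy names and the `require_tls` switch are all assumptions constructed for the example; no network is used.

```python
"""
Added example (not from the original post, not Exim code): an SMTP-client
state machine for the STARTTLS upgrade, following RFC 3207.  It covers the
cases argued over in the thread: the receiver advertises STARTTLS and then
(a) accepts, (b) refuses with 4xx, (c) refuses with 5xx, or (d) replies 220
but then fails the TLS handshake.  Each "peer" is a constructed dict of the
replies the server would send; nothing touches the network.
"""
import re
import ssl

# Constructed peers for the example.  Keys are the commands the client
# sends; values are the raw replies the server returns.
EHLO_WITH_TLS = "250-mail.example.net\r\n250-STARTTLS\r\n250 HELP\r\n"

GOOD_PEER = {"EHLO": EHLO_WITH_TLS,
             "STARTTLS": "220 2.0.0 Ready to start TLS\r\n"}
# Advertises STARTTLS, then refuses with RFC 3207's temporary code.
TEMPFAIL_PEER = {"EHLO": EHLO_WITH_TLS,
                 "STARTTLS": "454 4.7.0 TLS not available due to temporary reason\r\n"}
# Advertises STARTTLS, then refuses permanently (constructed reply text).
PERMFAIL_PEER = {"EHLO": EHLO_WITH_TLS,
                 "STARTTLS": "554 5.7.0 TLS disabled on this host\r\n"}
NO_TLS_PEER = {"EHLO": "250-mail.example.net\r\n250 HELP\r\n"}


def parse_reply(raw):
    """Parse a (possibly multi-line) SMTP reply into (code, [text lines]).
    Every line carries the same 3-digit code; '-' after it means more follow."""
    codes, texts = set(), []
    for line in raw.splitlines():
        m = re.match(r"^(\d{3})([ -])(.*)$", line)
        if not m:
            raise ValueError("malformed reply line: %r" % line)
        codes.add(m.group(1))
        texts.append(m.group(3))
    if len(codes) != 1:
        raise ValueError("inconsistent reply codes: %r" % sorted(codes))
    return int(codes.pop()), texts


def advertised_extensions(ehlo_reply):
    """EHLO keywords the server offers (the first line is its domain, skipped)."""
    code, lines = parse_reply(ehlo_reply)
    if code != 250:
        return set()
    return {l.split()[0].upper() for l in lines[1:] if l.strip()}


def negotiate(peer, tls_handshake, require_tls=False):
    """Drive EHLO -> STARTTLS and decide what to do with the message.

    Returns (outcome, detail), where outcome is one of:
      'tls'    deliver on the now-encrypted connection
      'plain'  deliver in clear on this same connection (safe only because
               no TLS handshake was ever started on it)
      'retry'  drop the connection and reconnect in clear: after a failed
               handshake the socket state is undefined and must not be reused
      'defer'  leave the message in the queue and try again later
      'fail'   give up permanently
    tls_handshake is a callable that performs the TLS negotiation and raises
    ssl.SSLError on failure; here it is simulated.
    """
    exts = advertised_extensions(peer["EHLO"])
    if "STARTTLS" not in exts:
        if require_tls:
            return "defer", "TLS required but peer does not offer STARTTLS"
        return "plain", "STARTTLS not offered"

    code, text = parse_reply(peer["STARTTLS"])
    if code == 220:
        try:
            tls_handshake()
        except ssl.SSLError as exc:
            # Peer said "go ahead" and then could not complete TLS: this
            # connection can no longer be trusted in either mode.
            if require_tls:
                return "defer", "TLS handshake failed: %s" % exc
            return "retry", "TLS handshake failed, reconnect in clear: %s" % exc
        return "tls", "negotiated"

    if 400 <= code < 500:
        # Temporary refusal (454): the peer is still speaking plaintext SMTP,
        # so the client may continue in clear, or queue and retry later.
        if require_tls:
            return "defer", text[0]
        return "plain", "peer refused TLS temporarily: " + text[0]

    if 500 <= code < 600:
        if require_tls:
            return "fail", text[0]
        return "plain", "peer refused TLS permanently: " + text[0]

    return "defer", "unexpected reply %d to STARTTLS" % code


def ok_handshake():
    return None


def broken_handshake():
    raise ssl.SSLError("certificate chain could not be verified (simulated)")


if __name__ == "__main__":
    for name, peer in [("good", GOOD_PEER), ("tempfail", TEMPFAIL_PEER),
                       ("permfail", PERMFAIL_PEER), ("no-tls", NO_TLS_PEER)]:
        for strict in (False, True):
            print(name, "require_tls=%s" % strict,
                  negotiate(peer, ok_handshake, strict))
    print("good+broken-handshake", negotiate(GOOD_PEER, broken_handshake))
```

The two behaviours argued about in the thread map onto the `require_tls` switch: with it off, a 454 after an advertised STARTTLS is handled on the same still-plaintext connection and the mail goes out in clear, which is the opportunistic behaviour; with it on, the same reply defers the message so it sits in the queue and is retried, and a 5xx becomes a permanent failure. The one case that must never be handled on the same socket is a 220 followed by a failed handshake, which is why it returns `retry` rather than `plain`.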