On Tue, 10 Sep 2002, Erik Bussink wrote:
> This is a bit off-topic, but I could not find much information about
> signing OpenSSL generated certificates with a Microsoft (Win2000 server)
> Certificate Authority and using these signed certificate for the TLS
> support in Exim 4.10. So here are the steps I followed to get a
> successfull result. There might be a better way, or easier one, but
> this has worked for me.
Erik, from what you wrote, I think you probably know more about all this
stuff than most people on this list, and you certainly know a lot more
about it than I do.
> One question I'm still considering, and I haven't found on this
> mailing list or in some documentation, would it be possible to get
> EXIM to TLS encrypt outgoing SMTP connections with remote SMTP
> servers ?
Yes, it's possible (provided the servers support it, of course). Look at
the hosts_avoid_tls and hosts_require_tls options of the smtp transport.
> I understand that my EXIM server will not have the remote's
> TLS certificate, but does it really matter ?
Only if you care about verifying the client's identity.
> I think encrypting the
> SMTP traffic would be a nicer than having normal cleartext traffic.
Remember that not all clients support TLS.
Philip
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.