Matt Bernstein wrote:
>>This is good but also restricts the choice of client software, unless
>>these users are only other servers...
>
>
> One application we have for such certificates is for our users who run
> MTAs at home. Stick something like the following very near the top of your
> RCPT ACL, and all your users' mails can be relayed through your virus
> scanner (and what other "policies" one may have :)
>
> # for MUAs
> accept  authenticated = *
>
> # for MTAs
> accept  encrypted = *
>         verify = certificate
>
> Another application is for off-site backup MXes.
>
> "Send me a client cert I like and I won't bother doing my evil
> RBL/fake-Hotmail/etc.. tests on you."
>
> Maybe an RBL to bypass local_scan() too (or choose which ones to invoke
> and which ones to skip, if they're going to be DSOs) would be nice in the
> long term. The system load on our (primary) mailer goes nuts after a
> network outage ;)

I would really like to see some kind of howto for this, how to use
root/server/user certificates with exim, and maybe other software.
Any pointers?
ciao
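
The server-side settings the quoted ACL depends on, as an added example that is not part of either poster's message: `verify = certificate` can only succeed if Exim has asked the client for a certificate and checked it against a CA it trusts for relaying. File paths and the ACL name `acl_check_rcpt` are assumptions.

```exim
# --- main configuration section ---

# Offer STARTTLS to every connecting host.
tls_advertise_hosts = *

# The server's own certificate and key (assumed paths).
tls_certificate = /etc/exim/tls/server.crt
tls_privatekey  = /etc/exim/tls/server.key

# CA(s) used to validate *client* certificates. Point this at a private CA
# that signs only the home MTAs and backup MXes allowed to relay. If it
# points at a public CA bundle, any host holding a publicly issued
# certificate would pass "verify = certificate" below.
tls_verify_certificates = /etc/exim/tls/relay-clients-ca.pem

# Request a client certificate from everyone, but do not drop the
# connection when none is offered or it fails validation; the ACL decides.
tls_try_verify_hosts = *

# Record the peer DN and the verification result (CV=yes/no) for each
# TLS session, so certificate-based relaying can be audited in mainlog.
log_selector = +tls_peerdn +tls_certificate_verified

acl_smtp_rcpt = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_rcpt:

  # for MUAs: any successful SMTP AUTH
  accept  authenticated = *

  # for MTAs: TLS session whose client certificate chained to the CA above
  accept  encrypted = *
          verify = certificate

  # ... the usual relay, RBL and recipient checks follow here ...
```

Revoking one client means either maintaining a CRL (`tls_crl`) or reissuing from a new CA, since the ACL above accepts every certificate the configured CA has signed.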