Re: [Exim] TLS Issue

Author: Dennis Davis
Date:  
To: exim-users
Subject: Re: [Exim] TLS Issue
>From: Philip Hazel <ph10@???>
>To: John P Connor <john.connor@???>
>cc: exim-users@???
>Precedence: bulk
>
>> It seems that we probably need an option in Exim to work round
>> this, do you think?
>
>I am not at all keen on this, but I suppose I am open to persuasion
>if lots of people feel the need.


I'm not keen on this at all.

>To remind the list of the issue: A broken client fails to send a
>new EHLO after starting a TLS session; this leaves Exim in SMTP
>mode rather than ESMTP mode, because it has reset itself, as the
>RFC specifies. The client then sends a MAIL command with a SIZE
>option, which Exim rejects because that is valid only in ESMTP
>mode.
>
>What do people think about this?


Well, I see broken clients advertising TLS when they can't hack
it. I'm working on an exim4 configuration that is derived from an
existing exim3 configuration. I'm currently using:

hostlist no_tls_advertise_hosts = net-SEARCH;NO_TLS_HOSTS

as a main configuration option and an SMTP transport with:

hosts_avoid_tls = +no_tls_advertise_hosts

Isn't something similar to the above the way to go when dealing with
broken clients that can't get the TLS right?
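
The state reset described in the quoted summary, as an added example that is not part of the original message and not Exim's code: a minimal model of a server session in which STARTTLS discards the earlier EHLO, so a MAIL command carrying SIZE is refused until EHLO is sent again. The class and function names, reply texts and sample transcripts are constructed for illustration.

```python
# Added illustration: server-side SMTP/ESMTP state around STARTTLS.
# Reply codes and texts are illustrative, not Exim's actual responses.

class Session:
    def __init__(self):
        self.esmtp = False  # True only after EHLO in the current state
        self.tls = False

    def command(self, line):
        verb, _, rest = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            self.esmtp = True
            return "250 extensions listed"
        if verb == "HELO":
            self.esmtp = False
            return "250 hello"
        if verb == "STARTTLS":
            if not self.esmtp or self.tls:
                return "503 STARTTLS not available"
            self.tls = True
            self.esmtp = False  # reset: the earlier EHLO is forgotten
            return "220 ready to start TLS"
        if verb == "MAIL":
            # Constructed inputs look like "MAIL FROM:<addr> SIZE=n"
            params = rest.split()[1:]
            if params and not self.esmtp:
                return "501 MAIL parameters need EHLO first"
            return "250 OK"
        return "500 unrecognized command"


def run(transcript):
    """Feed client lines to a fresh session and return the replies."""
    session = Session()
    return [session.command(line) for line in transcript]


# Constructed transcripts: broken client (no second EHLO) vs. correct client.
BROKEN = ["EHLO client.example", "STARTTLS",
          "MAIL FROM:<a@client.example> SIZE=1024"]
CORRECT = ["EHLO client.example", "STARTTLS", "EHLO client.example",
           "MAIL FROM:<a@client.example> SIZE=1024"]

if __name__ == "__main__":
    for name, lines in (("broken", BROKEN), ("correct", CORRECT)):
        print(name, run(lines))
```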