Re: [Exim] TLS Issue

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Dennis Davis
Dátum:  
Címzett: exim-users
Tárgy: Re: [Exim] TLS Issue
>From: Philip Hazel <ph10@???>
>To: John P Connor <john.connor@???>
>cc: exim-users@???
>Precedence: bulk
>
>> It seems that we probably need an option in Exim to work round
>> this, do you think?
>
>I am not at all keen on this, but I suppose I am open to persuasion
>if lots of people feel the need.


I'm not keen on this at all.

>To remind the list of the issue: A broken client fails to send a
>new EHLO after starting a TLS session; this leaves Exim in SMTP
>mode rather than ESMTP mode, because it has reset itself, as the
>RFC specifies. The client then sends a MAIL command with a SIZE
>option, which Exim rejects because that is valid only in ESMTP
>mode.
>
>What do people think about this?


Well, I see broken clients advertising TLS when they can't hack
it. I'm working on an exim4 configuration that is derived from an
existing exim3 configuration. I'm currently using:

hostlist no_tls_advertise_hosts = net-SEARCH;NO_TLS_HOSTS

as a main configuration option and an SMTP transport with:

hosts_avoid_tls = +no_tls_advertise_hosts

Isn't something similar to the above the way to go when dealing with
broken clients that can't get the TLS right?