[Exim] TLS Question

Author: Sven Geggus
Date:  
To: exim-users
Subject: [Exim] TLS Question
Hi there,

In a setup of two computers, one machine with a fixed IP-Address and a
permanent connection to the Internet is used as MX while the other machine
is using dynDNS and is connected to the Internet only most of the time with
changing IP-Addresses.

The goal I want to achieve is to automatically forward all incoming Email to
the machine using dynDNS.

That's where TLS comes to mind, because there is an unlikely but possible
case, where the dynDNS Machine is not the one I expect it to be!

In this case the Email has to be kept in Exim's Mailqueue on the MX Machine.

The Question is now how to achieve this Setup.

TLS works on both machines but is not yet using client certificates.

I have set up tls_certificate and tls_privatekey. These are two different
Keys on any of the two machines and both certificates are signed by the same
(my own) CA.

Talking about clients and Servers now I would like to know which of the two
machines is the client and which one is the Server as far as incoming Email
is concerned?

I made the assumption, that the dynDNS Machine is the Server.

That means, that SMTP-auth is not sufficient for this scenario, because the
server needs to authenticate the client and not vice versa.

Would it be possible to achieve this goal using TLS client certificates
instead of SMTP-auth?

Sven

--
Why are there so many Unix-haters-handbooks and not even one
Microsoft-Windows-haters handbook?
Gurer vf ab arrq sbe n unaqobbx gb ungr Zvpebfbsg Jvaqbjf!
/me is giggls@ircnet, http://sven.gegg.us/ on the Web