Re: [Exim] SMTP, TLS and self-signed certs

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Bruno Saverio Delbono
Date:  
À: CaLViN
CC: exim-users
Sujet: Re: [Exim] SMTP, TLS and self-signed certs
--
Moin CaLViN!
CaLViN schrieb am Montag, den 09. Juni 2003:

>If I have set tls_advertise_hosts = *, then ALL clients who send an SMTP
>message will try to use TLS if they can. Now what will happen if another
>MTA will deliver a mail to my system, and not a mail client? Would it try
>to use TLS as well, and fail to do so because it can't verify my
>certificate? Will it do the transmission without TLS then or will it refuse
>the connection at all (and leave me without mails)?


No. They should (mostly) accept all unsigned certs. If your MTA offers
STARTTLS, the other MTA will try to send mail via TLS. For example:

(bdelbono@leviathan)(111/pts)(04:14%P:06/09/03)-
(%:~)- telnet mail.open-systems.org smtp                     Monday 16:14:26
Connected to mail.open-systems.org.
Escape character is '^]'.
220 mail.open-systems.org ESMTP (Microsoft Exchange Internet Mail Service For
        Unix 5.5.2653.13+SP2 ready).
ehlo example.com
250-mail.open-systems.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-XVERP
250 8BITMIME
quit
221 Bye


>If the latter is the case, how do I configure exim so that it uses TLS only
>with MUAs?


You can setup this in your MUA configuration.

-Bruno

--
Bruno Saverio Delbono <bdelbono at leviathan dot lucifer dot at>
Systems Engineer - Open-Systems Group Inc.
http://www.open-systems.org/~bruno/
GPG Fingerprint: 1AAC 0F81 54F6 C7AF 2EC4 8993 0594 88B3 E127 35C5
--
[ Content of type application/pgp-signature deleted ]
--