hello.
i want all clients to have verifiable certs and use tls.
tls_verif_hosts = * does NOT work for helo connections in ...4.51. only
for ehlo.
so i block otherwise with acl.
xxxxxxxxxxxxxxxxxxxxxxxxxxx
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
# dont accept without certificate cv
acl_certhelo_deny:
deny
message = Your certificate issuer is no valid root CA or no encrypted
connection, get one for free from www.cacert.org
!verify = certificate
!encrypted = *
accept
xxxxxxxxxxxxxxxxxxxxxxxxxx
although this works it is not recommended, cause clients will not retry
with ehlo then and report the message to users as rejected.
better not advertise helo at all.
question: what configuration do you suggest to force clients to ehlo?
is it possible at all without changing exim in program code?
could the desired client behaviour triggered by the appr. error message?
which?
thx,
y
tom
