On Tue, 14 Jun 2005, thomas schorpp wrote:
>
> tls_verif_hosts = * does NOT work for helo connections in ...4.51. only
> for ehlo.
A client that says HELO instead of EHLO cannot use TLS (TLS requires
extended SMTP which requires the client to say EHLO) and therefore the
client cannot offer a certificate. If you reject non-encrypted clients
(using require encrypted = * in your ACLs) then this will automatically
deal with the HELO clients, and the tls_verify_hosts setting will deal
with the requirement for a certificate.
Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
