Author: thomas schorpp
Date:
To: exim-users
Subject: Re: Re: [exim] helo leak in tls_verify_hosts, forcing clients to use ehlo, configuration?

hello,
Tony Finch wrote:
> On Tue, 14 Jun 2005, thomas schorpp wrote:
>
>>tls_verify_hosts = * does NOT work for helo connections in ...4.51. only
>>for ehlo.
>
>
> A client that says HELO instead of EHLO cannot use TLS (TLS requires
> extended SMTP which requires the client to say EHLO) and therefore the
> client cannot offer a certificate.

I know. So the clients defaulting to SMTP must be brought to retry with
ESMTP somehow.

> If you reject non-encrypted clients
> (using require encrypted = * in your ACLs) then this will automatically
> deal with the HELO clients, and the tls_verify_hosts setting will deal
> with the requirement for a certificate.
>
> Tony.
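
The setup Tony Finch describes, written out as an added Exim configuration fragment (not part of the original thread or of anyone's actual configuration). The file paths and the ACL name `acl_check_mail` are assumptions; a real configuration has further ACLs, routers and transports.

```conf
# --- main configuration section ---

# Offer STARTTLS to every client that says EHLO.
tls_advertise_hosts = *

# Server certificate and key (placeholder paths, assumed for this example).
tls_certificate = /etc/exim/tls/server.crt
tls_privatekey  = /etc/exim/tls/server.key

# CA bundle used to verify client certificates (placeholder path).
tls_verify_certificates = /etc/exim/tls/client-ca.pem

# Every client that starts a TLS session must present a certificate
# that verifies against the bundle above. This option is only
# consulted once a TLS session is started, so on its own it never
# applies to a client that says HELO and stays in clear text.
tls_verify_hosts = *

# Run the ACL below for every MAIL command (ACL name is an assumption).
acl_smtp_mail = acl_check_mail

# --- ACL section ---
begin acl

acl_check_mail:
  # Closes the clear-text path: a session that is not encrypted is
  # refused at MAIL. A HELO-only client can never issue STARTTLS,
  # so it always fails this check.
  require message   = TLS is required, send EHLO and STARTTLS before MAIL
          encrypted = *

  # Encrypted sessions (whose certificate was already checked by
  # tls_verify_hosts during the handshake) may continue.
  accept
```

The `encrypted` check covers clients that never start TLS, and `tls_verify_hosts` covers those that do, which is why both settings are needed together.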