> On Tue, 25 Jul 2006, jtelep@??? wrote:
>
>> SO the mail clients then should choose an option similar to "Use TLS, if
>> available"
>
> Never use this option. It makes you vulnerable to downgrade attacks which
> can cause your password to be revealed to an attacker without any visible
> warning. Only use TLS or SSL in "required" mode with server certificate
> verification.
>
> Tony.
> --
> <fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
> N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
> \N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
>
Please forgive my ignorance as I have never set this up before but the
client that I use (Thunderbird) for sending the mail does complain about
the validity of the certificate that my server offers it when I connect to
send mail. I have never provided Thunderbird with any certificates since
I have set this up (just used the
'/usr/share/doc/exim4-base/examples/exim-gencert' command and left the
certificate and key in the default location). Am I supposed to provide
one of these files to Thunderbird (copy it somewhere locally) to ensure
this is set up and working correctly?
Thanks,
Jon
