I'm setting up a manualroute for Exim to deliver certain mail to a
smarthost. It will use TLS over port 587 with auth. The auth is
irrelevant to this, though. I've got it working; however, I have
concerns about a man-in-the-middle attack.
If I were pointing an email client like Thunderbird directly at the
smarthost, it would warn me if the cert was self-signed, didn't
match the common name, or had changed since last time. I
can't seem to get Exim to do any of that... How do I go about it?
What I *want* Exim to do is queue the message if the certificate
changes.
Here's my current config:
The router:
# Send every domain in the smarthost4_domains list to the smarthost.
smarthost4:
  debug_print = "R: smarthost4 for $local_part@$domain"
  driver = manualroute
  domains = +smarthost4_domains
  transport = smarthost4
  route_list = * "smarthost4.internaldns.grepular.com"
The transport:
smarthost4:
  debug_print = "T: smarthost4 for $local_part@$domain"
  driver = smtp
  # Submission port; STARTTLS is negotiated after EHLO.
  port = 587
  # Never deliver to this host in clear, and always authenticate.
  hosts_require_tls = *
  hosts_require_auth = *
  # If the TLS handshake fails, defer the message rather than retrying in clear.
  tls_tempfail_tryclear = false
  # CA store used to verify the server certificate. A directory only works
  # with OpenSSL, and its files must be hash-named (run c_rehash on it).
  tls_verify_certificates = /etc/ssl/certs/
P.S. I'm using Exim 4.63 compiled against OpenSSL.
Mike
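The "queue if the certificate changes" behaviour the post asks for is trust-on-first-use certificate pinning, the same check Thunderbird does when it warns that a cert "changed since last time". The Exim 4.63 smtp transport shown above has no option for that, so the following added example (not from the original post, and not Exim's own code) does the check out of band: it opens port 587, issues STARTTLS, takes the SHA-256 fingerprint of the server's leaf certificate and compares it with the fingerprint recorded on first contact. A wrapper run from cron or before each queue run can use the exit status to hold delivery. The pin file path, the default host name, and the byte strings used as stand-in DER certificates in the tests are assumptions/constructed data.

```python
"""Out-of-band certificate-change (TOFU pinning) check for an SMTP smarthost.

Added example, not code from the original post or from Exim. Exit status:
0 = first contact recorded or certificate unchanged; 2 = certificate changed,
so deliveries to the host should be held until an operator has checked.
"""
import hashlib
import json
import os
import smtplib
import ssl
import sys

PIN_FILE = "/var/lib/exim4/smarthost-pins.json"   # assumed location


def fingerprint_sha256(der: bytes) -> str:
    """Colon-separated, upper-case SHA-256 fingerprint of a DER certificate,
    the same form `openssl x509 -fingerprint -sha256` prints."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_server_cert_der(host: str, port: int = 587) -> bytes:
    """EHLO, STARTTLS, and return the server's leaf certificate in DER form.
    CA verification is deliberately off here: we want the certificate even
    when it is self-signed, because the pin comparison is the check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.ehlo()
        smtp.starttls(context=ctx)
        der = smtp.sock.getpeercert(binary_form=True)
    if not der:
        raise RuntimeError("no certificate presented by %s:%d" % (host, port))
    return der


def load_pins(path: str) -> dict:
    """Pin store: JSON object mapping host name -> pinned fingerprint."""
    if not os.path.exists(path):
        return {}
    with open(path) as f:
        return json.load(f)


def save_pins(path: str, pins: dict) -> None:
    """Atomic replace so a crash mid-write cannot leave a truncated store."""
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        json.dump(pins, f, indent=2)
    os.replace(tmp, path)


def check_pin(host: str, fp: str, path: str) -> str:
    """Trust-on-first-use: returns 'new' (and records the pin), 'match', or
    'mismatch'. A mismatch never overwrites the stored pin; an operator
    updates the file by hand after confirming the rotation with the
    smarthost's administrator."""
    pins = load_pins(path)
    if host not in pins:
        pins[host] = fp
        save_pins(path, pins)
        return "new"
    return "match" if pins[host] == fp else "mismatch"


def main(argv):
    # Default host is the one from the post; override on the command line.
    host = argv[1] if len(argv) > 1 else "smarthost4.internaldns.grepular.com"
    fp = fingerprint_sha256(fetch_server_cert_der(host, 587))
    result = check_pin(host, fp, PIN_FILE)
    print("%s %s %s" % (host, result, fp))
    return {"new": 0, "match": 0, "mismatch": 2}[result]


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script only ever records a pin on first contact; a changed fingerprint is reported, never accepted automatically, which is the property the post is after. Because it runs outside Exim it cannot stop a handshake that is already in progress, so it belongs in front of the queue run (for example, holding the queue when it exits 2) rather than inside the transport.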