Autor: Phil Pennock Data: Dla: exim-users Temat: [exim] try_verify TLS on smtp transport?
Perhaps I'm having one of my doh-days and I'm just missing something in
the docs.
Is there a way to attempt to verify a remote server's TLS certificate in
the smtp transport, without actually failing it? Something analogous to
tls_try_verify_hosts in the main configuration section for inbound
connections, but for outbound?
Not verifying leaves you subject to Man-in-the-Middle; verifying means
you can't talk to people using self-signed certs or CAs not common for
me; I'd like to try to verify, so that I can look at the CA=<yes|no>
entries in my logs over a period of time and deal with data instead of
supposition.