[exim] try_verify TLS on smtp transport?

Góra strony
Delete this message
Reply to this message
Autor: Phil Pennock
Data:  
Dla: exim-users
Temat: [exim] try_verify TLS on smtp transport?
Perhaps I'm having one of my doh-days and I'm just missing something in
the docs.

Is there a way to attempt to verify a remote server's TLS certificate in
the smtp transport, without actually failing it? Something analogous to
tls_try_verify_hosts in the main configuration section for inbound
connections, but for outbound?

Not verifying leaves you subject to Man-in-the-Middle; verifying means
you can't talk to people using self-signed certs or CAs not common for
me; I'd like to try to verify, so that I can look at the CA=<yes|no>
entries in my logs over a period of time and deal with data instead of
supposition.

Thanks,
-Phil