Re: [exim] Should MX offer TLS ?

Top Page
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Should MX offer TLS ?
Dave Evans wrote:
> On Wed, Nov 07, 2007 at 03:59:25PM +0000, Mike Cardwell wrote:
>> I fail to see any connection between a mail server sending over TLS, and
>> the experience of the admin of the server. I also fail to see the
>> usefulness of making that connection. It's not something you could ever
>> filter on.
>
> Sure you can.
>
>   deny
>     condition = ${if !eq {$tls_cipher}{}}
>     message = Only criminals use encryption

>
> ;-)
>
>


I *think* he meant '..ever filter on and stay in the business of transferring
maessages reliably'.

Another poster's remark about 'real cert' doesn't apply either - these are
nearly always self-generated, self-signed, and not checked against a CA, public
OR private at either end.

Requiring matching PEM certs - as for a corporate intranet - is a different
application.

Spealing of which - TLS for submisson, TLS for POP/IMAP, and TLS for MX - MX
does give nearly end-to-end protection between/among corporate servers.

Providing they - and the MUA boxen, have at least some level of physical
security. Better than nothing, anyway.

Not much help for off-net correspondents, of course.

Bill