Dave Evans wrote:
> On Wed, Nov 07, 2007 at 03:59:25PM +0000, Mike Cardwell wrote:
>> I fail to see any connection between a mail server sending over TLS, and
>> the experience of the admin of the server. I also fail to see the
>> usefulness of making that connection. It's not something you could ever
>> filter on.
>
> Sure you can.
>
> deny
> condition = ${if !eq {$tls_cipher}{}}
> message = Only criminals use encryption
>
> ;-)
>
>
I *think* he meant '..ever filter on and stay in the business of transferring
maessages reliably'.
Another poster's remark about 'real cert' doesn't apply either - these are
nearly always self-generated, self-signed, and not checked against a CA, public
OR private at either end.
Requiring matching PEM certs - as for a corporate intranet - is a different
application.
Spealing of which - TLS for submisson, TLS for POP/IMAP, and TLS for MX - MX
does give nearly end-to-end protection between/among corporate servers.
Providing they - and the MUA boxen, have at least some level of physical
security. Better than nothing, anyway.
Not much help for off-net correspondents, of course.
Bill
