Re: [exim] Should MX offer TLS ?

Top Page
Delete this message
Reply to this message
Author: Jan Srzednicki
Date:  
To: Daniel Tiefnig
CC: Exim Mailing List
Subject: Re: [exim] Should MX offer TLS ?
On Wed, Nov 07, 2007 at 03:29:06AM +0100, Daniel Tiefnig wrote:
>
> > How do sites who *do* do TLS over the Internet (with no certificate
> > checks) get on ? Are there many obscure problems encountered ?
>
> Hmm, I remember some problems with misconfigured MTAs that advertised
> TLS, but then weren't able to provide it. The responsible admins blamed
> us that we weren't able to send mails to them, because other servers
> could send them mail... *sigh* There were quite a lot of them, so I
> started using "hosts_avoid_tls = *" too.


There is "tls_tempfail_tryclear" setting, which will make Exim jump back
to non-encryption after STARTTLS returns 4xx or TLS/SSL negotiation
fails in some way. From my experience, it works just fine.

-- 
  Jan Srzednicki  ::  http://wrzask.pl/
  "Remember, remember, the fifth of November"
                                     -- V for Vendetta