On Wed, Nov 07, 2007 at 03:29:06AM +0100, Daniel Tiefnig wrote:
>
> > How do sites who *do* do TLS over the Internet (with no certificate
> > checks) get on? Are there many obscure problems encountered?
>
> Hmm, I remember some problems with misconfigured MTAs that advertised
> TLS, but then weren't able to provide it. The responsible admins blamed
> us that we weren't able to send mails to them, because other servers
> could send them mail... *sigh* There were quite a lot of them, so I
> started using "hosts_avoid_tls = *" too.

There is a "tls_tempfail_tryclear" setting, which will make Exim jump back
to non-encryption after STARTTLS returns 4xx or TLS/SSL negotiation
fails in some way. From my experience, it works just fine.
--
Jan Srzednicki :: http://wrzask.pl/
"Remember, remember, the fifth of November"
-- V for Vendetta