Re: [exim-dev] [Bug 1201] forwarding to a content-scanning s…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jeremy Harris
Datum:  
To: exim-dev
Betreff: Re: [exim-dev] [Bug 1201] forwarding to a content-scanning site is a bounce-generator
On 2012-06-02 08:16, Phil Pennock wrote:
>>                                       On the other hand the secondary feature
>>     (use of TLS by verify-callouts)  *will* activate automatically.

>
> Please not unless specifically requested: TLS is quite heavy and that
> adds to the verify burden. Can you make this something that has to be
> enabled, either by "verify_tls" on the transports, or a flag on the
> ACL control modifier?


OK, I'll add a switch, defaulting "off".

Because of the interaction between "pure" verify callouts and
cutthrough deliveries neither the new control= nor the
verify= really feels like the right place. I'll put it on the transport
for now; can always move it later.


> Did this help at all? Would it help if I did something similar for
> OpenSSL? We're 1/4 of the way there already, with the "callback" data
> structure used for SNI.


Keeping up with you has been a major effort :)

There may be some tidying needed after I merge.

>
> I favour $tls_in_* and $tls_out_* and keep the existing names, resetting
> as appropriate. Mark the existing names deprecated and state that we're
> likely to remove them in, say, Exim 5.


OK.

--
Jeremy