[exim] outgoing TLS - verifying certificates

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Wolfgang Breyha
Datum:  
To: exim-users
Betreff: [exim] outgoing TLS - verifying certificates
Hi!

I recently changed our configuration to verify SSL certificates.

I recognized that this changed the behaviour of exim on outgoing connections.
If verification fails he cancels the connection and sends it on a clear
channel. The only way to avoid that is to set host_require_tls = *. But this
means that there is no fallback then.

I primarily activated verification to be able to log that part of information.
But since I can't get the same behaviour as without verification I think I've
to deactivate it again since I care more about encryption on the wire. Or is
there something I missed in the documentation of the smtp transport?

In case I didn't, wouldn't it be practical to be able to encrypt even if
verification fails on outgoing delivery?

Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> | http://www.blafasel.at/
Vienna University Computer Center | Austria