Author: Andreas Metzler
Date:
To: exim-users
Subject: Re: [exim] Next Exim: TLS: changed smarthost example config
On 2018-04-22 Phil Pennock <pdp@???> wrote:
> On 2018-04-21 at 11:23 +0200, Andreas Metzler via Exim-users wrote:
[...]
>> is going to be any effect, people won't change their email address
>> because the hosting smarthost does not provide TLS1.2 (due to SPF et

> I didn't actually provide a wet-finger-in-air assessment of this point.
> I covered "no TLS", "unverifiable certificate" and "ciphersuite
> problems".
[...]
> I mapped "ciphersuite problems" to something which folks should expect
> their mail provider to be able to fix quickly. If there are issues and
> they can't be fixed quickly, then why trust that the provider can do
> much of anything to provide TLS service?

> I did not map "no TLS1.2 support" but would tend to treat it much like
> ciphersuite problems.
[...]
as intent to require a) TLS and b) not any TLS-version, but TLS 1.2. If
that is not the case the proper fix is not the one I originally posted
but to simply not set tls_require_ciphers for GnuTLS, since the defaults
(exim uses NORMAL - see "gnutls-cli --list --priority=NORMAL") are not
unreasonable.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
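
Added example, not part of the mail above and not Exim or GnuTLS project code: a shell helper that reads the output of the "gnutls-cli --list --priority=..." command mentioned in the mail and reports which enabled TLS versions are older than TLS 1.2. The function names, the second priority string and both sample listings are constructed for illustration; the real listing depends on the installed GnuTLS version.

```shell
#!/bin/sh
# Added illustration. Assumes the listing contains one summary line of the
# form "Protocols: VERS-TLS1.3, VERS-TLS1.2, ..." as printed by gnutls-cli.

# Print the enabled stream TLS/SSL versions, one per line (DTLS is skipped).
enabled_tls_versions() {
    sed -n 's/^Protocols:[[:space:]]*//p' | tr ',' '\n' | tr -d ' \t' \
        | grep -E '^VERS-(TLS|SSL)' || true
}

# Print only the enabled versions that are older than TLS 1.2.
legacy_tls_versions() {
    enabled_tls_versions | grep -E '^VERS-(SSL3\.0|TLS1\.0|TLS1\.1)$' || true
}

# Constructed sample listing for the priority string NORMAL.
SAMPLE_NORMAL='Cipher suites for NORMAL
TLS_AES_256_GCM_SHA384    0x13, 0x02    TLS1.3
TLS_ECDHE_RSA_AES_256_GCM_SHA384    0xc0, 0x30    TLS1.2

Protocols: VERS-TLS1.3, VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-DTLS1.2, VERS-DTLS1.0
Ciphers: AES-256-GCM, CHACHA20-POLY1305, AES-128-GCM'

# Constructed sample listing for NORMAL:-VERS-TLS1.0:-VERS-TLS1.1, a priority
# string that keeps the NORMAL defaults but drops the older TLS versions.
SAMPLE_TLS12='Cipher suites for NORMAL:-VERS-TLS1.0:-VERS-TLS1.1
TLS_AES_256_GCM_SHA384    0x13, 0x02    TLS1.3

Protocols: VERS-TLS1.3, VERS-TLS1.2, VERS-DTLS1.2, VERS-DTLS1.0
Ciphers: AES-256-GCM, CHACHA20-POLY1305, AES-128-GCM'

echo "NORMAL (sample):"
printf '%s\n' "$SAMPLE_NORMAL" | legacy_tls_versions
echo "NORMAL:-VERS-TLS1.0:-VERS-TLS1.1 (sample):"
printf '%s\n' "$SAMPLE_TLS12" | legacy_tls_versions

# Against the locally installed GnuTLS, if gnutls-cli is available.
if command -v gnutls-cli >/dev/null 2>&1; then
    echo "local GnuTLS, priority ${1:-NORMAL}:"
    gnutls-cli --list --priority="${1:-NORMAL}" 2>/dev/null | legacy_tls_versions
fi
```

An empty result for a priority string means nothing older than TLS 1.2 is enabled by it.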