Re: [exim-dev] tls_sni = $host in default configuration file

Pàgina inicial
Delete this message
Reply to this message
Autor: Phil Pennock
Data:  
A: Exim-dev
Assumpte: Re: [exim-dev] tls_sni = $host in default configuration file
On 2018-12-17 at 18:44 -0000, Jasen Betts via Exim-dev wrote:
> What does DANE say we shoud ask for? I remember it being non-obvious but
> easily explained. However I don't however remember the detail.


RFC 7672 section 2.2.2.

If DNSSEC is available for every step along the way, for all CNAMEs in
the chain, then the final target. Otherwise, only the original name.

On 2018-12-17 at 19:57 +0100, Andreas Metzler via Exim-dev wrote:
> I only recognized the problem because we have had to workaound/document
> around it in Debian for ages. - We have been using ${lookup{$host} in
> smtp authentication.
>
> CNAME for smarthost is very common, the biggest players (office365,
> gmail and yahoo) use it.


Heiko: I've pushed a new branch to the main repo: "ifdef_smarthost".

As well as making the recommended change, it adds a few more comments
and brings the documentation up-to-date. I recommend merging this in
the RC series, rather than trying to add new code features after RC
start.

I think this change is generally useful, in having a cleaner setup for a
very common use-case, and showing exactly where new macros should be
defined, which can reduce some of the pain encountered by newcomers to
Exim.

I've built spec.pdf locally, it seems sane when I look at the areas
I just changed. Hrm, perhaps some different wording now makes sense for
the start of the main configuration docs after the new macros text?

We'd probably want to explicitly warn packagers, because of default
config rewrites done by some packaging systems (FreeBSD comes to mind).

-Phil