https://bugs.exim.org/show_bug.cgi?id=2545
--- Comment #1 from Jeremy Harris <jgh146exb@???> ---
The other side of the coin is: if the system is being used as an SMTP server
then
the admin should realise what they're doing and get a certificate generated
which
is traceable to an authority trusted by the clients. Otherwise, the clients
get
only wire-encryption and do not get authentication. Thereby, an attacker who
has
penetrated this enclave could manage to spoof being the server, and inspect the
mails.
The obnoxious message is there to point out the situation to the admin.
There's no single good answer, I think. I'll leave the bug open for other
comments, but am not currently intending to work on generating a high-quality
automatic security solution. In my opinion this should be done by distros.
--
You are receiving this mail because:
You are on the CC list for the bug.
