[exim] Remote SMTP server TLS certificate verification again…

Top Page

Reply to this message
Author: IB Development Team
Date:  
To: exim-users
Subject: [exim] Remote SMTP server TLS certificate verification against given domain name
Hello,

Is there any way (without using DANE) in exim SMTP client to force
matching domain in remote SMTP server certificate with string
configured in exim for recipient e-mail domain and not with hostname
returned by (unsecure) DNS MX lookups?

Something like "secure" cert match in postfix (resolves remote MX-es
using DNS but checks remote certificate against defined names not
hostnames from DNS):

http://www.postfix.org/TLS_README.html#client_tls_secure

Exim configured with TLS forced to such recipient domanin should use MX
to find servers but verify server cert against domain name from exim's
config (i.e. file/db lookup).

--
Regards,
Pawel Boguslawski

IB Development Team
https://dev.ib.pl/