tags #440663 pending thanks On Tue, Sep 04, 2007 at 08:24:14AM -0500, John Goerzen wrote: > On Tue September 4 2007 2:01:56 am Marc Haber wrote: > > > 2.2.1 says "Exim will use TLS via STARTTLS automatically as clint if > > the server Exim connects to offers it." > > > > Would adding something like this help: > > "This means that you won't need any special configuration if you want > > to use TLS for outgoing mail. However, if your server wants to see a > > client certificate, you need to amend your remote_smtp and/or > > remote_smtp_smarthost transports with a tls_certificate option. The > > certificate presented by the remote host is not checked unless you > > specify a tls_verify_certificate option on the transport." > > Yes, that would be an excellent addition.
ok, committed to svn. > > It should just work. Using client certificates is secure, but kind of > > exotic (I have never seen a mail system requiring client certificates > > in the wild, and I see a number of new mail systems each day at work). > > It is used here for authentication for forwarding. It seems a nice > alternative to SMTP AUTH or some other such thing, especially since client > certificates can have built-in expiration dates. Absolutely. However, nobody in the mainstream uses them. > > An experienced user could have seen that a macro with a MAIN_ prefix > > is probably not being used inside a transport, especially because all > > other macros used in the remote_smtp(_smarthost) transports are > > prefixe REMOTE_SMTP_. > > I may not be an experienced user, but it seemed that turning something on in > MAIN would turn it on everywhere. I would also greatly appreciate a comment > in the conf.d/main/ TLS file about this. The file already has a reference to the appropriate README chapter. As a rule, I refuse to maintain double documentation. I have added half a sentence to say that the file only controls exim's behavior as an SMTP server. I am sorry, I cannot force users to read the docs. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
