On Sat, Oct 30, 2021 at 11:58:56AM +0200, Slavko via Exim-users wrote:

> > smtp_tls_security_level = none | may | encrypt | fingerprint | dane |
> > secure
>
> I think, that ideal MTA must have option:
>
> guess_tls_verify = no | user | admin
>
> That "guess" part points to deciding what hosts are trusted and/or
> which are bad.

No. Rather than random ad-hoc policies, we implement and evolve
standards. Thus we have:

    * Base opportunistic TLS: RFC3207
    * DANE SMTP: RFC7672
    * REQUIRETLS: RFC8689
    * MTA-STS (sigh)
    ...

> I am happy, that exim is not ideal MTA and leaves this "guess" for
> admins to set it explicitly/manually in mentioned options, which has
> usable defaults.

Actually, Exim supports DANE, which (when enabled) honours published
TLSA records, rather than "guessing". And both Exim and Postfix support
different local policies by destination domains.

> Anyway, if Exim aborts outgoing connection at failed cert verification
> (or any other TLS error) in STARTTLS, it is (IMO) RFC violation
> (missing clean QUIT), but I do not know if it happens.

No, it is not an RFC violation to abort the handshake, and send a
suitable TLS alert message, but this tends to clutter remote server logs
with low-level error messages their administrator is likely to not
understand.

The main point is to not fall back to cleartext when there was a
perfectly good TLS handshake the MTA could simply choose to not abort,
because the cleartext fallback is definitely not better.

--
    Viktor.
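
Added example, not part of the original message and not Exim or Postfix code: a simplified model of what a sending MTA does at each security level quoted above, next to the "verify, abort, retry in clear" behaviour the reply argues against. The Peer fields, the function names and the per-level semantics are assumptions made for illustration; the DANE mapping follows RFC 7672.

```python
from dataclasses import dataclass

CLEAR, TLS_UNAUTH, TLS_AUTH, DEFER = "cleartext", "tls-unauthenticated", "tls-authenticated", "defer"

@dataclass
class Peer:
    """Constructed observation of one outbound SMTP session (assumption)."""
    offers_starttls: bool
    handshake_ok: bool      # handshake completes when the client does not abort it
    cert_matches: bool      # peer certificate satisfies the configured check
    tlsa: str = "none"      # DNSSEC-validated TLSA lookup: "none", "usable", "unusable"

def effective_level(level: str, peer: Peer) -> str:
    """RFC 7672 mapping: DANE authentication applies only with usable TLSA records."""
    if level != "dane":
        return level
    return {"usable": "dane", "unusable": "encrypt", "none": "may"}[peer.tlsa]

def decide(level: str, peer: Peer) -> str:
    level = effective_level(level, peer)
    if level == "none":
        return CLEAR
    tls_up = peer.offers_starttls and peer.handshake_ok
    if level == "may":
        # Opportunistic: a certificate that fails verification still gives
        # encryption, so keep the session instead of retrying in cleartext.
        return TLS_UNAUTH if tls_up else CLEAR
    if level == "encrypt":
        return TLS_UNAUTH if tls_up else DEFER
    if level in ("fingerprint", "dane", "secure"):
        # Authentication is mandatory: never downgrade, queue the message.
        return TLS_AUTH if tls_up and peer.cert_matches else DEFER
    raise ValueError(f"unknown level: {level}")

def guess_and_fall_back(peer: Peer) -> str:
    """The ad-hoc policy argued against: verify, abort on failure, retry in clear."""
    if peer.offers_starttls and peer.handshake_ok and peer.cert_matches:
        return TLS_AUTH
    return CLEAR

# Constructed peer: offers STARTTLS with a self-signed certificate, no TLSA records.
SELF_SIGNED = Peer(offers_starttls=True, handshake_ok=True, cert_matches=False)

if __name__ == "__main__":
    for lvl in ("none", "may", "encrypt", "fingerprint", "dane", "secure"):
        print(f"{lvl:12} -> {decide(lvl, SELF_SIGNED)}")
    print(f"{'ad-hoc':12} -> {guess_and_fall_back(SELF_SIGNED)}")
```

For the self-signed peer the opportunistic level keeps the encrypted session, the authenticated levels defer, and only the ad-hoc policy ends up sending in cleartext.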