Bug#314296: exim4 NOT verifying server certificate
Marc Haber
Marc Haber <mh+debian-packages@zugschlus.de>, 314296@bugs.debian.org
Thu, 16 Jun 2005 01:04:30 +0200
On Thu, Jun 16, 2005 at 12:18:17AM +0800, Wenzhuo Zhang wrote:
> The Postfix smarthost allows relay only if clients successfully
> authenticate (SMTP AUTH) through a TLS session. If it's a plain-text
> session, SMTP clients won't be able to authenticate. The SSL certificate
> of the smarthost is signed by a do-it-yourself CA.
>
> exim4 client can relay through the smarthost, and I have the following
> entries in /etc/exim4/exim4.conf.localmacros:
>
> MAIN_TLS_VERIFY_CERTIFICATES = /etc/exim4/cacert.crt
> MAIN_TLS_VERIFY_HOSTS = mail.linux-vs.org
>
> /etc/exim4/cacert.crt is the certificate of the do-it-yourself CA.
> However, even after I replace it with a random authorized CA certificate
> and restart the exim4 daemon, the exim4 client can still relay through
> the smarthost.
>
> Isn't tls_verify_certificates supposed to verify the server certificate
> as well?

It should. However, that code is not very well tested. Can you give me
an SMTP AUTH account on the smarthost to try it myself?

Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
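
An offline illustration of the outcome the report expects, added here and not part of the thread or of the exim4 package: a certificate issued by a do-it-yourself CA verifies against that CA's certificate and is rejected against an unrelated one. It assumes the `openssl` command-line tool is installed; the CA names and file names are constructed, only chain validation is checked (no host name matching), and exim4 itself is not involved.

```shell
#!/bin/sh
# Constructed test material: two throwaway CAs and one server certificate.
# All names are made up for this example, except mail.linux-vs.org,
# which is the smarthost named in the report.

# make_ca DIR NAME: create a self-signed CA key and certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_server_cert DIR CA HOST: issue a certificate for HOST signed by CA.
make_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 1 \
        -CA "$1/$2.crt" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/server.crt" 2>/dev/null
}

# chain_ok CAFILE CERT: succeed only if CERT chains to a CA in CAFILE.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# run_demo: build the scenario in a temporary directory and print
# one "accept" or "reject" line per CA file tried.
run_demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir" diy-ca && make_ca "$dir" unrelated-ca &&
        make_server_cert "$dir" diy-ca mail.linux-vs.org ||
        { rm -rf "$dir"; return 1; }
    for ca in diy-ca unrelated-ca; do
        if chain_ok "$dir/$ca.crt" "$dir/server.crt"; then
            echo "$ca: accept"
        else
            echo "$ca: reject"
        fi
    done
    rm -rf "$dir"
}

run_demo
```

A client that still completes the TLS session after its CA file has been swapped for the unrelated one is not performing this check on the server certificate.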