Bug#314296: Re: Bug#314296: exim4 NOT verifying server certificate

Marc Haber <mh+debian-packages@zugschlus.de>, 314296@bugs.debian.org
Sun, 19 Jun 2005 09:07:04 +0200


Hi,

On Sun, Jun 19, 2005 at 08:23:57AM +0800, Wenzhuo Zhang wrote:
> On Sun, Jun 19, 2005 at 01:29:57AM +0200, Marc Haber wrote:
> > SMTP AUTH over TLS with actual verification of the server certificate
> > is not very common nowadays.
> 
> Most MUA programs will verify the server certificate if you ever enable
> TLS.

Most MUAs can rely on a browser having the obvious CA certificates
available.

> > Where should the package automatically obtain the CA certificate to
> > verify the server against? How to handle the case of delivering two
> 
> MAIN_TLS_VERIFY_CERTIFICATES.

So the macro should give a path to the certificates? Who is going to
fill that path?

> > different smarthost, one of them having a self-signed certificate?
> 
> Since we're talking about the Debian package and its configuration
> utility, do we have to worry about complicated scenarios?

Take a look at the bug reports against exim4, and see what scenarios
we have to worry about. Roommates sharing a mail server, using
different freemailers, all of which demand that their addresses
get relayed through their smarthosts, are quite common, and this is a
case where your setup breaks.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835