Bug#440663: exim4-config: MAIN_TLS_* doesn't actually enable TLS

Marc Haber mh+debian-packages at zugschlus.de
Tue Sep 4 13:55:08 UTC 2007


tags #440663 pending
thanks

On Tue, Sep 04, 2007 at 08:24:14AM -0500, John Goerzen wrote:
> On Tue September 4 2007 2:01:56 am Marc Haber wrote:
> 
> > 2.2.1 says "Exim will use TLS via STARTTLS automatically as client if
> > the server Exim connects to offers it."
> >
> > Would adding something like this help:
> > "This means that you won't need any special configuration if you want
> > to use TLS for outgoing mail. However, if your server wants to see a
> > client certificate, you need to amend your remote_smtp and/or
> > remote_smtp_smarthost transports with a tls_certificate option. The
> > certificate presented by the remote host is not checked unless you
> > specify a tls_verify_certificate option on the transport."
> 
> Yes, that would be an excellent addition.

ok, committed to svn.

> > It should just work. Using client certificates is secure, but kind of
> > exotic (I have never seen a mail system requiring client certificates
> > in the wild, and I see a number of new mail systems each day at work).
> 
> It is used here for authentication for forwarding.  It seems a nice 
> alternative to SMTP AUTH or some other such thing, especially since client 
> certificates can have built-in expiration dates.

Absolutely. However, nobody in the mainstream uses them.

> > An experienced user could have seen that a macro with a MAIN_ prefix
> > is probably not being used inside a transport, especially because all
> > other macros used in the remote_smtp(_smarthost) transports are
> > prefixed REMOTE_SMTP_.
> 
> I may not be an experienced user, but it seemed that turning something on in 
> MAIN would turn it on everywhere.  I would also greatly appreciate a comment 
> in the conf.d/main/ TLS file about this.

The file already has a reference to the appropriate README chapter. As
a rule, I refuse to maintain double documentation. I have added half a
sentence to say that the file only controls exim's behavior as an SMTP
server.

I am sorry, I cannot force users to read the docs.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
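
Added example, not part of the original message or of the Debian exim4 packages: a small Python check that reads an Exim configuration and reports, for each smtp transport, whether it presents a client certificate (tls_certificate) and whether it verifies the remote certificate. The sample configuration and its file paths are constructed; the check uses Exim's tls_verify_certificates option name and assumes the behaviour described in the message, where an unset option means the remote certificate is not checked.

```python
import re

# Constructed sample configuration (not taken from the Debian package).
SAMPLE_CONF = """\
begin routers
dnslookup:
  driver = dnslookup
begin transports
remote_smtp:
  driver = smtp
remote_smtp_smarthost:
  driver = smtp
  tls_certificate = /etc/exim4/client.crt
  tls_privatekey = /etc/exim4/client.key
  tls_verify_certificates = /etc/ssl/certs/ca-certificates.crt
local_delivery:
  driver = appendfile
begin retry
"""

def smtp_transports(conf_text):
    """Return {transport name: {option: value}} for driver = smtp transports."""
    transports, section, current = {}, None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"begin\s+(\w+)$", line)
        if m:
            # A new section starts; only "transports" is of interest here.
            section, current = m.group(1), None
        elif section == "transports":
            if re.match(r"\w+:$", line):
                current = transports.setdefault(line[:-1], {})
            elif current is not None and "=" in line:
                key, value = (p.strip() for p in line.split("=", 1))
                current[key] = value
    return {n: o for n, o in transports.items() if o.get("driver") == "smtp"}

def audit(conf_text):
    """Per smtp transport: is a client cert presented, is the peer verified?"""
    return {name: {"client_cert": "tls_certificate" in opts,
                   "verifies_peer": "tls_verify_certificates" in opts}
            for name, opts in smtp_transports(conf_text).items()}

if __name__ == "__main__":
    for name, result in audit(SAMPLE_CONF).items():
        print(name, result)
```

MAIN_TLS_* macros in the main section do not affect this result, because the check only looks at options set on the transports themselves.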



