[Pkg-exim4-users] using TLS/SSL with exim4 under debian

[Marc Haber]

On Tue, Aug 23, 2005 at 03:46:50PM +0200, Brent Clark wrote:
> But my question is, to use TLS/ SSL., obviously I need a cert. BUT Do I 
> have to it signed with a CA like Thwate / verisign etc.

No, you don't. I have yet to see an MX that does certificate validation.

I have seen smarthosts who insist on seeing a valid and signed client
certificate before relaying for a client, and I have seen clients
complaining about an "untrusted" certificate when doing SMTP AUTH.

But, certificate validation in SMTP traffic between servers has no
market relevance.

> I would like to use TLS / SSL on my public mailing list. I currently have 
> mail been sent / received with my current exim4 relay, but I would like to 
> a secure the mail.

Explain what you mean by "secure". If you have arbitrary users on the
mailing list, chances are that they are on big freemailers whose MXs
don't support TLS. Do you want to send unencrypted to them, or do you
want to refrain from sending there at all?

Additionally, if some of your users use mail forwarding, you cannot
control the continuing legs of transmission.

If you want to secure your content, use application-level end-to-end
encryption.

> I had a look at the Exim4 doc, and it doesnt look that complicated in 
> setting up. Its just the policy of the cert that im not sure of.
> 
> I cant afford for my mail to be rejected etc.

So you can only offer TLS and do it if the other side can do TLS.

> Would anyone have any docs to share some clarrity on why / how / when etc 
> when using TLS / SSL certs.

Sure. As soon as you share some clarity about what you intend to do.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835