On Wed, Mar 29, 2023 at 09:40:16AM +0200, Kirill Miazine via Exim-users wrote:
> I understand it might help a little bit to require TLS, but without
> verficiation that a certificate is valid, TLS requirement is not such
> a big win, is it?
Depends on your aims. Pure encryption is one level of
The subject line caught my interest.
My mail domain is DNSSEC Signed and I have SSL/TLS Certificates (Let's
Encrypt - which I've automated) that cover it - and have implemented
TLSA records for my mail server a few years back. So if the recipient
SMTP server also happens to have a TLSA DNS
On 29/03/2023 10:40, Slavko via Exim-users wrote:
Dňa 29. 3. o 10:56 Olaf Hopp (SCC) via Exim-users napísal(a):
decided still to live with 2 pairs of routers and transports
and keep in mind, when I change one of them, I have to change the other one as
well.
And what about include common
Dňa 29. 3. o 10:56 Olaf Hopp (SCC) via Exim-users napísal(a):
On 3/28/23 15:59, Mike Tubby via Exim-users wrote:
Jeremys proposal sounded promising at first look, but after his correction
that I have to use "max_rcpts = 1" and that these are my main routers /
transports
handling ~200k Mails
On 3/28/23 15:59, Mike Tubby via Exim-users wrote:
Hi Olaf,
outbound_force_tls:
driver = dnslookup
domains = +tls_force_remote_domains
transport = remote_smtp_force_tls
outbound_lookup:
driver = dnslookup
domains = ! +local_domains
Dňa 29. 3. o 10:22 Evgeniy Berdnikov via Exim-users napísal(a):
On Wed, Mar 29, 2023 at 09:40:16AM +0200, Kirill Miazine via Exim-users wrote:
I understand it might help a little bit to require TLS, but without
verficiation that a certificate is valid, TLS requirement is not such
a big win, is
• Evgeniy Berdnikov via Exim-users [2023-03-29 11:22]:
> On Wed, Mar 29, 2023 at 09:40:16AM +0200, Kirill Miazine via Exim-users wrote:
> > I understand it might help a little bit to require TLS, but without
> > verficiation that a certificate is valid, TLS requirement is not such
> > a big win,
I understand it might help a little bit to require TLS, but without
verficiation that a certificate is valid, TLS requirement is not such
a big win, is it?
I too have a transport that would require TLS for certain sending
domains, but I haven't yet required TLS verification, because it often
On 2023-03-29 at 04:46:17 UTC-0400 (Wed, 29 Mar 2023 10:46:17 +0200)
Kirill Miazine via Exim-users
is rumored to have said:
Exactly. The former preventing passive data collection, the later --
active. Still, if *I* were to state a legal requirement that certain
domains use TLS, I'd also ask
On Wed, Mar 29, 2023 at 12:24:22PM -0400, Bill Cole via Exim-users wrote:
> On 2023-03-29 at 04:46:17 UTC-0400 (Wed, 29 Mar 2023 10:46:17 +0200)
> Kirill Miazine via Exim-users is rumored to have said:
>
> > Exactly. The former preventing passive data collection, the later --
> > active. Still,
Dňa 29. marca 2023 16:24:22 UTC používateľ Bill Cole via Exim-users
napísal:
>On 2023-03-29 at 04:46:17 UTC-0400 (Wed, 29 Mar 2023 10:46:17 +0200)
>Kirill Miazine via Exim-users
>is rumored to have said:
>
>> Exactly. The former preventing passive data collection, the later --
>> active. Still,
On 29/03/2023 17:59, Viktor Dukhovni via Exim-users wrote:
It is (at least in Postfix) also possible
Please note that this mailing list is not focussed on Postfix.
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at
On Wed, Mar 29, 2023 at 06:59:42PM +, Slavko via Exim-users wrote:
> Why in hell the certificate signed by same (anonymous for me)
> group (understand CA) is considered as secure, but certificate
> signed by my own CA is not ? Only because someone (anonymous
> for me again) decided that these
Dňa 29. marca 2023 20:27:30 UTC používateľ Viktor Dukhovni via Exim-users
napísal:
>On Wed, Mar 29, 2023 at 06:59:42PM +, Slavko via Exim-users wrote:
>> Do you expect that all these domains have to use
>> the same name in MX? Or do you expect thousands certs
>> on that MTA?
>
>Either will
Dňa 29. marca 2023 21:11:05 UTC používateľ Evgeniy Berdnikov via Exim-users
napísal:
> One can generate self-signed certs, paying 2 cents, but you can't generate
> trust for such amount of money. Trust to public CAs can be measured by cost
> of related risks and business, starting from hundreds
On Wed, Mar 29, 2023 at 06:59:42PM +, Slavko via Exim-users wrote:
> Verifying name in case of SMTP has another problem -- which
> name to verify? Recipient's domain name? Name from MX? Or
> frpm PTR? You know they often differs, at least in that that MX
> is subdomain or even totally
16 matches
Mail list logo