On 04/Nov/11 01:48, Sam Varshavchik wrote:
> Alessandro Vesely writes:
>
>> An intermediate approach could be to have a "starttls-something"
>> database anyway, where each host's entry contains the state of
>> the last handshake, any of "known CA", "auto-trusted" with
>> fingerprint and dates, or "broken", with suitable rules for state
>> changes
>
> Well, Courier does have something similar, an optional way to force
> all mail to a known domain to use TLS, and use a certificate with a
> verified signature.
I assume you mean the SECURITY extension. I didn't try it, but it seems to be a per-message option that can be routinely enabled for selected domains. Thus, the server works for both the walled garden and the Internet at large. And it bounces messages that are destined within the walled garden if the target host's certificate isn't trusted.

Does that keep track of hosts' certificates? It doesn't seem to automatically move hosts in/out of the walled garden, does it?
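As an added example (not code from Courier, nor from either poster), here is a minimal model of the per-host "starttls-something" database sketched in the quoted proposal: each host carries the state of its last handshake ("known CA", "auto-trusted" with a pinned fingerprint and dates, or "broken") and the database moves hosts between states on its own. The state names, the `StartTLSDB` class, its methods and every transition rule are assumptions; timestamps are plain seconds.

```python
from dataclasses import dataclass
from typing import Optional

# States: "unknown" (never contacted), "known-ca" (chain verified against a trusted
# CA), "auto-trusted" (TLS worked, chain unverified, fingerprint pinned on first use),
# "broken" (STARTTLS failed; retried after BROKEN_RETRY seconds). Rules are assumptions.
BROKEN_RETRY = 7 * 86400

@dataclass
class HostEntry:
    state: str = "unknown"
    fingerprint: Optional[str] = None   # certificate fingerprint, e.g. sha256 hex
    first_seen: Optional[int] = None    # when the current state was entered
    last_seen: Optional[int] = None     # last handshake that confirmed it

class StartTLSDB:
    def __init__(self):
        self.hosts = {}

    def should_try_tls(self, host, now):
        """Skip STARTTLS only for hosts marked broken less than BROKEN_RETRY ago."""
        e = self.hosts.get(host)
        return not (e and e.state == "broken" and now - e.last_seen < BROKEN_RETRY)

    def record(self, host, now, tls_ok, ca_verified=False, fingerprint=None):
        """Update the host's entry after a delivery attempt; return 'deliver' or 'refuse'."""
        e = self.hosts.setdefault(host, HostEntry())
        if not tls_ok:
            if e.state in ("known-ca", "auto-trusted"):
                return "refuse"        # previously trusted host: never fall back to cleartext
            e.state, e.last_seen = "broken", now
            return "deliver"           # Internet-at-large behaviour: opportunistic TLS only
        if ca_verified:
            if e.state != "known-ca":
                e.state, e.first_seen = "known-ca", now
            e.fingerprint, e.last_seen = fingerprint, now
            return "deliver"
        # TLS worked, but the chain did not verify against a known CA
        if e.state == "known-ca":
            return "refuse"            # downgrade from verified to unverified chain
        if e.state == "auto-trusted" and e.fingerprint != fingerprint:
            return "refuse"            # pinned fingerprint changed: treat as suspicious
        if e.state != "auto-trusted":
            e.state, e.first_seen = "auto-trusted", now
        e.fingerprint, e.last_seen = fingerprint, now
        return "deliver"
```

A real deployment would also need an operator path to clear a stale pin (legitimate certificate replacement on an auto-trusted host) and persistent storage shared by all delivery processes.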
