Viktor Dukhovni <[email protected]> (Do 08 Mai 2014 17:03:13 CEST): > On Thu, May 08, 2014 at 04:43:41PM +0200, Heiko Schlittermann wrote: > > > since there is currently a lot work done with respect to tls > > information, I'd like to bring the following into discussion again. > > > > What do you think about it? > > > > (Viktors opinion was, that we shouldn't leave the decision about > > aborting/continuing of the TLS session to the user, but I think, giving > > providing this option is more in the spirit of exim.) > > To be clear, I have no problem with giving users a configuration …
> Exim SHOULD provide:
> * User interface to require/enable/disable DANE TLS
…
> Exim SHOULD NOT require:
> * Complex ${if ...} state-machines to perform hostname
…
I fully agree.
I'm thinking of something about that way (not sure, if I
got the ${acl{}} feature right…
begin acl
acl_check_dane:
accept verify = dane
deny
begin transports
remote_smtps:
driver = smtp
hosts_require_tls = *
tls_continue = ${acl{acl_check_dane}}
This give the user the power to implement whatever he wants
as the condition.
--
Heiko
signature.asc
Description: Digital signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
