https://bugs.exim.org/show_bug.cgi?id=2545
--- Comment #1 from Jeremy Harris <[email protected]> ---

The other side of the coin is: if the system is being used as an SMTP server then the admin should realise what they're doing and get a certificate generated which is traceable to an authority trusted by the clients. Otherwise, the clients get only wire-encryption and do not get authentication. Thereby, an attacker who has penetrated this enclave could manage to spoof being the server, and inspect the mails.

The obnoxious message is there to point out the situation to the admin.

There's no single good answer, I think. I'll leave the bug open for other comments, but am not currently intending to work on generating a high-quality automatic security solution. In my opinion this should be done by distros.
