On Tue, Jun 17, 2025 at 03:03:44PM -0500, Martin McCormick via Exim-users wrote:
> Many thanks to the person who noticed the exposed password
You're welcome.
> Persuading this large corporation to part with a few Dollars to renew
> that certificate is about as likely as an Olympic ice skating contest
> on the frozen surface of hell, itself.
If you're quite sure the certificate will be stable for a long time, and
are in a position to react promtly when hell does freeze over, perhaps
Exim has some mechanism to "pin" a particular certificate or public key
for a given destination?
Jeremy, is there anything in Exim roughly equivalent to the Postfix
"fingerprint" security level?
> If you are reading this message, they also changed the PW in the
> outgoing server. Until I can get exim4 v4.96 to be happy with sending
> the outgoing messages, I must still do it this way though.
As Jeremy noted, you should be able to turn off certificate
verification, and make do with unauthenticated TLS, if that meets your
needs best. Personally, I'd try to get some form of verification to
work and be required for both Exim *and* fetchmail.
--
Viktor.
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
