On Tue, 12 May 2015 05:53:37 -0700, Johannes Löthberg <[email protected]> wrote:
Fair point. Any hints for where to start looking at implementing one? ;)

This is my own terrible crude attempt:

http://www.mail-archive.com/[email protected]/msg01582.html

I think if you had a cronjob that ran a script once a day which extracted the domain names for every "Server certificate verification succeeded on session xxxx" message, and then added that to a table (I call mine 'force-tls'), that would work.

There are a few issues which I'm trying to work out:

1) How to weed out the duplicates

2) Situations where the primary mx server presents a valid cert, but some backup or alternate mx servers do not

3) How to remove a domain from the table if TLS certificate validation starts failing for an mx host on that domain

Someone more knowledgeable than me about scripting might be able to determine if these problems can be solved using a shell script, or if a more powerful language is called for.

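One way to handle the three issues listed in the mail above, as an added example that is not part of the original mail or of OpenSMTPD. Only the "succeeded" message text comes from the mail; the "failed" counterpart, the relay line shape, the sample log lines and the name `build_force_tls` are assumptions to adapt to your own maillog.

```python
import re
from collections import defaultdict

# Assumed line shapes (constructed for this example); adjust to your maillog.
VERIFY = re.compile(r"Server certificate verification (succeeded|failed) on session (\w+)")
RELAY = re.compile(r"relay: \w+ for \w+: session=(\w+),.*?\bto=<[^@>]+@([^>]+)>")

# Constructed sample log, not real output.
SAMPLE = """\
smtp-out: Server certificate verification succeeded on session aa01
relay: Ok for 1001: session=aa01, from=<me@example.org>, to=<bob@good.example>, stat=250 ok
smtp-out: Server certificate verification succeeded on session aa02
relay: Ok for 1002: session=aa02, from=<me@example.org>, to=<amy@Good.example>, stat=250 ok
smtp-out: Server certificate verification succeeded on session bb01
relay: Ok for 1003: session=bb01, from=<me@example.org>, to=<x@mixed.example>, stat=250 ok
smtp-out: Server certificate verification failed on session bb02
relay: Ok for 1004: session=bb02, from=<me@example.org>, to=<y@mixed.example>, stat=250 ok
smtp-out: Server certificate verification failed on session cc01
relay: Ok for 1005: session=cc01, from=<me@example.org>, to=<z@stale.example>, stat=250 ok
""".splitlines()

def build_force_tls(lines, previous=()):
    """Return (table, dropped): the new table contents and the domains
    removed from the previous table because verification failed."""
    verdict = {}                  # session id -> True only if it never failed
    sessions = defaultdict(set)   # recipient domain -> session ids seen
    for line in lines:
        m = VERIFY.search(line)
        if m:
            ok = m.group(1) == "succeeded"
            verdict[m.group(2)] = verdict.get(m.group(2), True) and ok
            continue
        m = RELAY.search(line)
        if m:
            # Lower-casing plus set membership removes duplicates (issue 1).
            sessions[m.group(2).lower()].add(m.group(1))
    good, bad = set(), set()
    for domain, ids in sessions.items():
        # Every session must have verified, so one bad backup MX excludes
        # the domain (issue 2); a session with no verdict counts as bad.
        (good if all(verdict.get(s, False) for s in ids) else bad).add(domain)
    table = (set(previous) | good) - bad   # failures evict old entries (issue 3)
    return sorted(table), sorted(set(previous) & bad)

if __name__ == "__main__":
    print(build_force_tls(SAMPLE, previous=["stale.example", "old.example"]))
```

Domains already in the table that were not seen in the current log are kept, so a quiet day does not empty the table.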