Most people just use a $tls_trust_file, either a system-wide one with many certs, or a specific one for the CA of the server. However, since this compares the domain name of $host with that in the certificate, this requires using a correct FQDN in msmtp config. Sometimes it's desirable to use different forms of $host, like an IP-address (IPs of mailservers rarely change, no point to check for a new one every few minutes via an unencrypted and unsigned protocol like DNS) - or a .onion address as Tor Hidden Service.
It would be awesome to combine the "best of two worlds." In order to use an IP or onion as $host combined with $tls_trust_file, I would propose to add something like a $tls_hostname setting which will be verified against the hostname in the certificate.
This isn't completely new, f.e. unbound does something like this for DNS-over-TLS:
forward-addr: 1.1.1.1#cloudflare-dns.com
https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658#c10

What do you think about this?

Thanks, and keep up the good work!

-- 
ilf

If you upload your address book to "the cloud", I don't want to be in it.
_______________________________________________
msmtp-users mailing list
msmtp-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/msmtp-users
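
The behaviour proposed in the message above, as an added example using Python's standard ssl module (not msmtp code and not part of the original post): the TCP connection goes to a literal address while the certificate is verified against a separately configured name. The function names, the default port and the sample addresses are assumptions of this example; the `ADDR[@PORT][#NAME]` form follows unbound's forward-addr syntax quoted in the message.

```python
import socket
import ssl


def parse_pinned_addr(spec, default_port=853):
    """Split unbound-style 'ADDR[@PORT][#TLS-NAME]' into (addr, port, name).

    default_port is an assumption of this example (853 is the DoT port).
    """
    addr, _, name = spec.partition("#")
    addr, _, port = addr.partition("@")
    if not addr:
        raise ValueError("missing address in %r" % spec)
    return addr, int(port) if port else default_port, name or None


def make_context(cafile=None):
    """Client context that requires a valid chain AND a matching name."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile plays the role of a trust file
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def connect_verified(addr, port, tls_hostname, cafile=None, timeout=10):
    """Connect to addr (an IP literal) but verify the certificate for tls_hostname.

    No DNS lookup happens for tls_hostname: it is only sent as SNI and
    compared with the names in the server certificate.
    """
    if not tls_hostname:
        # Without a name the check would silently degrade to chain-only trust.
        raise ValueError("refusing to connect without a name to verify")
    sock = socket.create_connection((addr, port), timeout=timeout)
    try:
        # Raises ssl.SSLCertVerificationError if the name does not match.
        return make_context(cafile).wrap_socket(sock, server_hostname=tls_hostname)
    except Exception:
        sock.close()
        raise


if __name__ == "__main__":  # needs network access; uses the pair from the message
    addr, port, name = parse_pinned_addr("1.1.1.1#cloudflare-dns.com")
    with connect_verified(addr, port, name) as tls:
        print(tls.version(), tls.getpeercert()["subject"])
```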