On Thu, 12 May 2005, John Peacock wrote:

> Charlie Brady wrote:
> > Not relevant to your I/O problems, but this is not yet a full
> > implementation of starttls. You'll need to discard any data from before
> > the switch to tls (helo host, from/rcpt to, authentication state). IOW, an
> > implicit rset, I think.
>
> The other thing I'd like to know before any TLS patch gets committed:
> how do most MTAs respond to self-signed certs, since most people don't
> expect to pay NetSol/Thawte/etc. for a server cert for each of their MX
> servers. And if self-signed certs are acceptable, it would be a very
> good idea to document how to generate a cert (or even provide a script).
> I do it often enough that the command is still in my shell history
> (!), but I suspect most people would be lost without any hints...
You'd have to do it with hooks for TLS so that you can enforce signed certs with a plugin, or make TLS mandatory for some senders/recipient combinations.
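
As an added illustration of the two points raised above (the implicit RSET that Charlie Brady describes, and enforcing TLS for particular recipients through a hook), here is a small model of the per-connection SMTP state and a STARTTLS handler that discards it. This is example code written for this note, not qpsmtpd code and not a patch from anyone on the thread. The hostnames, the `TLS_REQUIRED_RCPT_DOMAINS` policy table, the `require_tls_for_rcpt` hook and the exact reply strings are assumptions chosen for the example; the behaviour it models (forgetting HELO, MAIL, RCPT and authentication once TLS is negotiated) is what RFC 3207 section 4.2 requires of a server.

```python
"""Model of the SMTP session-state reset that a STARTTLS implementation owes
the client, plus a per-recipient "TLS required" policy hook.

Added example, not qpsmtpd code. Once TLS is negotiated the server discards
everything it learned in the clear (HELO/EHLO name, MAIL FROM, RCPT TO and any
authentication), i.e. an implicit RSET. Domain names and the policy table are
constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Optional


# Constructed policy: recipient domains that may only be addressed over TLS.
TLS_REQUIRED_RCPT_DOMAINS = {"secure.example.net"}


@dataclass
class Session:
    """Per-connection SMTP state, the part an implicit RSET must clear."""
    helo: Optional[str] = None
    mail_from: Optional[str] = None
    rcpt_to: list = field(default_factory=list)
    authenticated_as: Optional[str] = None
    tls_active: bool = False

    def reset(self) -> None:
        """RSET semantics: forget envelope and identity, keep the transport."""
        self.helo = None
        self.mail_from = None
        self.rcpt_to = []
        self.authenticated_as = None


def require_tls_for_rcpt(session: Session, rcpt: str) -> Optional[str]:
    """Hypothetical policy hook: refuse a recipient whose domain demands TLS
    while the session is still in the clear. Returns an SMTP error line or None."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in TLS_REQUIRED_RCPT_DOMAINS and not session.tls_active:
        return "530 5.7.0 Must issue a STARTTLS command first"
    return None


def handle(session: Session, line: str) -> str:
    """Dispatch one client command and return the server reply line."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb in ("HELO", "EHLO"):
        session.helo = arg
        return "250 mx.example.com"              # constructed hostname
    if verb == "STARTTLS":
        if session.tls_active:
            return "503 5.5.1 TLS already active"
        session.tls_active = True               # handshake assumed to succeed
        session.reset()                          # the implicit RSET
        return "220 2.0.0 Ready to start TLS"
    if verb == "AUTH":
        session.authenticated_as = arg.split()[0] if arg else None
        return "235 2.7.0 Authentication successful"
    if verb == "MAIL":
        if session.helo is None:
            return "503 5.5.1 Send HELO/EHLO first"
        session.mail_from = arg
        return "250 2.1.0 Ok"
    if verb == "RCPT":
        if session.mail_from is None:
            return "503 5.5.1 Need MAIL command"
        addr = arg[3:] if arg.upper().startswith("TO:") else arg
        denied = require_tls_for_rcpt(session, addr.strip("<> "))
        if denied:
            return denied
        session.rcpt_to.append(arg)
        return "250 2.1.5 Ok"
    if verb == "RSET":
        session.reset()
        return "250 2.0.0 Ok"
    return "500 5.5.2 Command not recognized"


def run(lines: list) -> tuple:
    """Feed a scripted client conversation through one session and return
    (replies, final session) so the post-STARTTLS state can be inspected."""
    s = Session()
    return [handle(s, l) for l in lines], s


if __name__ == "__main__":
    replies, s = run([
        "EHLO client.example.org",
        "AUTH PLAIN dXNlcg==",
        "MAIL FROM:<alice@example.org>",
        "STARTTLS",
        "MAIL FROM:<alice@example.org>",   # refused: HELO was discarded with TLS
    ])
    for r in replies:
        print(r)
    print("helo after STARTTLS:", s.helo, "| auth:", s.authenticated_as)
```

The point of the second MAIL FROM in the scripted run is that after STARTTLS the client has to start over with EHLO: nothing sent in the clear, including any AUTH result, survives into the encrypted session. The hook shows the other direction of enforcement from the note above: rather than refusing self-signed certificates outright, the server can require that certain recipients are only reachable once TLS is up, leaving certificate policy to a plugin.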
