Hi, On Thu, Jun 16, 2005 at 11:29:15AM +0800, Wenzhuo Zhang wrote: > On Thu, Jun 16, 2005 at 01:04:30AM +0200, Marc Haber wrote: > > > Isn't tls_verify_certificates supposed to verify the server certificate > > > as well? > > > > It should. However, that code is not very well tested. Can you give me > > an SMTP AUTH account on the smarthost to try it myself? > > Sure. The SMTP server supports PLAIN/LOGIN authentication mechanisms > over TLS. The username of the test account is "debian". I'll send you > the password through another message. You can forward it to other Debian > developers.
As Andreas spotted correctly, conf.d/main/03_exim4-config_tlsoptions only controls verification of the client certificates. For server certificate checking, you need to add the configuration option to the SMTP transport. I am reluctant to add infrastructure for this to the default configuration, since this is quite rarely used, and could break mail delivery. I have, however clarified the documentation in conf.d/main/03_exim4-config_tlsoptions to clearly say that this option here only concernd client certificates and added a hint where to configure server certificate verification. The SMTP account you have created is therefore not needed any more and can be removed. If there is anything more we can do for you, please feel free to re-open the bug that Andreas closed. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

