On 14/04/16 01:19, Franck Martin via mailop wrote:
> Have a look at
> https://tools.ietf.org/html/draft-martin-authentication-results-tls-03
> maybe jump to the example...
> I did not pursue, but many MTA clients are sending the certificates,
> meant for receiving email, to the server they are connecting to.
> You can verify that the certificate is trusted (based on your list of
> trusted CAs), but there is no good method to do hostname
> verification. Maybe an FCrDNS would allow you to compare with the DNS
> names in the SubjectAltNames of the certificate...

Thanks for this reference Franck - I hadn't seen this draft before, but
I'm certainly going to look at adding this into Haraka as one of the
many uses of Haraka is for anti-spam so having additional data points
like this in the headers is useful.
Kind regards,
Steve.
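
Added example, not part of the original thread and not Haraka code: one way to turn the FCrDNS comparison suggested in the quoted message into a check, written in JavaScript because Haraka runs on Node.js. The function names, the pass/fail/none labels and the sample addresses are assumptions made for illustration.

```javascript
// Added illustration: compare FCrDNS-confirmed hostnames of a connecting client
// with the dNSName entries of its certificate. All names/labels are hypothetical.
const dns = require('dns').promises;

const norm = (name) => name.toLowerCase().replace(/\.$/, '');

// A wildcard is honoured only as the complete leftmost label ("*.example.net").
function sanMatches(san, host) {
  san = norm(san); host = norm(host);
  if (!san.startsWith('*.')) return san === host;
  const dot = host.indexOf('.');
  return dot > 0 && host.slice(dot + 1) === san.slice(2);
}

// FCrDNS: keep a PTR name only if its forward lookup returns the client IP.
// forward is a Map of normalised name -> array of addresses.
// Addresses are compared as text, so IPv6 must be canonicalised by the caller.
function fcrdnsConfirmed(ip, ptrNames, forward) {
  return ptrNames.map(norm).filter((n) => (forward.get(n) || []).includes(ip));
}

// sanDnsNames: dNSName values from a certificate that already chained to a
// trusted CA. Returns a data point suitable for a header or log line.
function checkClientCert(ip, sanDnsNames, ptrNames, forward) {
  const hosts = fcrdnsConfirmed(ip, ptrNames, forward);
  const matched = sanDnsNames.filter((s) => hosts.some((h) => sanMatches(s, h)));
  const result = matched.length ? 'pass' : hosts.length ? 'fail' : 'none';
  return { result, hosts, matched };
}

// Live DNS collection with Node's resolver (needs network access).
async function gatherDns(ip) {
  const ptrNames = await dns.reverse(ip).catch(() => []);
  const forward = new Map();
  for (const name of ptrNames) {
    const v4 = await dns.resolve4(name).catch(() => []);
    const v6 = await dns.resolve6(name).catch(() => []);
    forward.set(norm(name), [...v4, ...v6]);
  }
  return { ptrNames, forward };
}

// Constructed sample data using documentation address ranges.
const sampleIp = '192.0.2.25';
const samplePtr = ['mx1.example.net.', 'spoofed.example.org'];
const sampleForward = new Map([['mx1.example.net', ['192.0.2.25']],
  ['spoofed.example.org', ['198.51.100.7']]]);
console.log(checkClientCert(sampleIp, ['*.example.net'], samplePtr, sampleForward));
```

A PTR name that does not resolve back to the client address is dropped before the comparison, so a sender cannot pass merely by controlling its own reverse zone.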