--- In milter-greylist@yahoogroups.com, Emmanuel Dreyfus <manu@...> wrote: > > On Tue, Feb 19, 2008 at 02:29:16PM -0000, ondrej_v0 wrote: > > Very different: > > 1. racl tls /.*/ won't work. You probably wanted to say racl tls_re /.*/ > > 2. It only work for those who present their private certificate which > > is very, very rare. In most cases MTA's have no private certificate > > 3. My fix enable to whitelist even those w/o a private certificate... > > What about mathing clients that do not present a certificate? That way, > you can match any certificate, including none (with two ACL), and you > can also allow TLS with a certificate but not TLS without a certificate. > > -- > Emmanuel Dreyfus > manu@... > Show me the example. Anyway I doubt you can do it - take a look at the source codes - there is hardcoded Verify=yes which means a private certificate is required.....
Message
Re: whitelist STARTTLS compliant senders
2008-02-19 by ondrej_v0