Diffstat (limited to 'README.starttls')
| -rw-r--r-- | README.starttls | 10 |
1 files changed, 0 insertions, 10 deletions
diff --git a/README.starttls b/README.starttls index 07ee275..6168c6d 100644 --- a/README.starttls +++ b/README.starttls | |||
| @@ -42,16 +42,6 @@ Optional: - when DEBUG is defined, some extra TLS info will be logged | |||
| 42 | an exhaustive list of hosts TLS is tried on. | 42 | an exhaustive list of hosts TLS is tried on. |
| 43 | If /var/qmail/control/notlshosts/host.dom.ain is present, | 43 | If /var/qmail/control/notlshosts/host.dom.ain is present, |
| 44 | no TLS is tried on this host. | 44 | no TLS is tried on this host. |
| 45 | - client authentication: | ||
| 46 | when relay rules would reject an incoming mail, | ||
| 47 | qmail-smtpd can allow the mail based on a presented cert. | ||
| 48 | Certs are verified against a CA list in | ||
| 49 | /var/qmail/control/clientca.pem (eg. http://www.modssl.org/ | ||
| 50 | source/cvs/exp/mod_ssl/pkg.mod_ssl/pkg.sslcfg/ca-bundle.crt) | ||
| 51 | and the cert email-address has to match a line in | ||
| 52 | /var/qmail/control/tlsclients. This email-address is logged | ||
| 53 | in the headers. CRLs can be provided through | ||
| 54 | /var/qmail/control/clientcrl.pem. | ||
| 55 | - cipher selection: | 45 | - cipher selection: |
| 56 | qmail-remote: | 46 | qmail-remote: |
| 57 | openssl cipher string (`man ciphers`) read from | 47 | openssl cipher string (`man ciphers`) read from |
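
Review bot: the deleted lines 45-54 (client authentication) were the only description in this file of /var/qmail/control/clientca.pem, /var/qmail/control/tlsclients and /var/qmail/control/clientcrl.pem, and nothing replaces them. The diffstat is limited to README.starttls, so it is not visible here whether qmail-smtpd still reads those files. If the feature is going away, add a short line under "Optional" saying a presented cert no longer overrides the relay rules and that these three control files are ignored, so operators who depended on it learn that from the README rather than from rejected mail. If the code path stays, keep the paragraph: a certificate-based relay exception that exists but is undocumented is harder to audit than one that is described.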
