domain ENCR:128 ← mail.someother.domain not listed
When sendmail connects to mail.someother.domain (and when
mail.someother.domain does not support STARTTLS) the message will be
transmitted in plain text (unencrypted).
The tls_rcpt rule set was created specifically to deal with this problem. It is called
just before a RCPT To: command is sent to the other site.
The workspace supplied to tls_rcpt is the current recipient (the one that will be
given in the RCPT To: command when it is issued). This rule set is allowed to require
encryption or verification of the recipient's MTA, even if the message was redirected
with MX records to another site.
The tls_rcpt rule set looks up the recipient in four different ways, where the format
of the recipient address is user@host.domain. Each lookup is prefixed with a literal
TLS_Rcpt:. The lookups are:
TLS_Rcpt:user@host.domain
TLS_Rcpt:user@
TLS_Rcpt:host.domain
TLS_Rcpt:domain
TLS_Rcpt:
The tls_rcpt rule set accepts the righthand-side value from the first matched lookup.
If there is no match, the recipient address is considered good and the RCPT To: command
is allowed to be issued.
The allowable righthand-side values are the same as those described for the
tls_server rule set in the preceding section. The requirements in the righthand side are
compared to the ${verify} and ${cipher_bits} macros, as appropriate, and the connection
is either allowed to continue, or not, based on the result.
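The lookup order and first-match rule above can be modeled as follows. This is an added example, not code from the book or from sendmail; the function names and access-map entries are constructed, and only the ENCR:bits and VERIFY[:bits] requirements are handled.

```python
# Model of the tls_rcpt lookup order and requirement check (illustrative only).
PREFIX = "TLS_Rcpt:"

# Constructed access-map entries; domains and users are sample values.
ACCESS = {
    "TLS_Rcpt:payroll@": "VERIFY",
    "TLS_Rcpt:example.com": "ENCR:128",
}

def lookup_keys(rcpt):
    """Return the access-map keys in the order the text lists them."""
    user, _, host = rcpt.lower().partition("@")
    keys = [PREFIX + user + "@" + host, PREFIX + user + "@", PREFIX + host]
    if host.count(".") >= 2:
        # Assumption: "domain" is host.domain with its first label removed.
        keys.append(PREFIX + host.split(".", 1)[1])
    keys.append(PREFIX)  # bare prefix: default entry
    return keys

def first_match(rcpt, access):
    """Return (key, rhs) for the first key present, or (None, None)."""
    for key in lookup_keys(rcpt):
        if key in access:
            return key, access[key]
    return None, None

def meets(rhs, verify, cipher_bits):
    """Compare a requirement with the ${verify} and ${cipher_bits} values."""
    kind, _, bits = rhs.partition(":")
    if kind not in ("ENCR", "VERIFY"):
        raise ValueError("unsupported requirement: " + rhs)
    if kind == "VERIFY" and verify != "OK":
        return False
    return cipher_bits >= (int(bits) if bits else 0)

def rcpt_allowed(rcpt, verify, cipher_bits, access=ACCESS):
    """True if RCPT To: may be issued for this recipient on this connection."""
    _, rhs = first_match(rcpt, access)
    if rhs is None:
        return True  # no match: the recipient is considered good
    return meets(rhs, verify, cipher_bits)

if __name__ == "__main__":
    # MX redirected bob@example.com to a host without STARTTLS: no cipher.
    print(rcpt_allowed("bob@mail.example.com", "NONE", 0))    # refused
    print(rcpt_allowed("bob@mail.example.com", "NO", 256))    # allowed
```

Because the check is keyed on the recipient rather than on the server name, the plaintext delivery to an unlisted MX host described at the top of this section is refused.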