When a
connection is made or received and STARTTLS is negotiated,
sendmail updates the value of several macros,
among which is this ${verify} macro.
This ${verify} macro stores a text word that
describes the result of verification of the presented certificate.
Those possible text words are shown in Table 21-10.
Table 21-10. Possible values for ${verify}
FAIL | A certificate was presented but could not be verified
NONE | STARTTLS has not been performed
NOT | No certificate was requested
NO | No certificate was presented
OK | The verification was successful
PROTOCOL | A protocol error occurred
SOFTWARE | The STARTTLS handshake failed (message will be queued)
TEMP | There was a temporary error
The ${verify} macro is used in the standard
configuration file as part of the definition of the
Received: header: If
${tls_version} has a value, the following is
included in the Received:
header's text:
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})
If ${tls_version} lacks a value, the preceding
text is not included, meaning a STARTTLS connection was not used.
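
As an added example (not from the original text and not part of sendmail), the following Python reads that clause back out of a message's Received: headers and labels each hop with the meanings from Table 21-10. The sample message, its host names, addresses and queue IDs are constructed, and the regular expression assumes the clause appears exactly in the format shown above.

```python
import re
from email import message_from_string
# Meanings copied from Table 21-10 on this page.
VERIFY_MEANINGS = {
    "FAIL": "A certificate was presented but could not be verified",
    "NONE": "STARTTLS has not been performed",
    "NOT": "No certificate was requested",
    "NO": "No certificate was presented",
    "OK": "The verification was successful",
    "PROTOCOL": "A protocol error occurred",
    "SOFTWARE": "The STARTTLS handshake failed (message will be queued)",
    "TEMP": "There was a temporary error",
}
# The clause the standard configuration adds when ${tls_version} has a value.
TLS_CLAUSE = re.compile(
    r"\(version=(?P<version>\S+)\s+cipher=(?P<cipher>\S+)\s+"
    r"bits=(?P<bits>\d+)\s+verify=(?P<verify>[A-Z]+)\)"
)

def tls_info(received):
    """Return the TLS clause of one Received: value as a dict, or None."""
    m = TLS_CLAUSE.search(" ".join(received.split()))  # unfold continuation lines
    if m is None:
        return None  # clause absent: STARTTLS was not used on this hop
    info = m.groupdict()
    info["bits"] = int(info["bits"])
    info["meaning"] = VERIFY_MEANINGS.get(info["verify"], "unknown value")
    return info

def audit(raw_message):
    """Return (hop_index, status, info) per Received: header, newest hop first."""
    hops = []
    for i, value in enumerate(message_from_string(raw_message).get_all("Received", [])):
        info = tls_info(value)
        status = "no-tls" if info is None else "verified" if info["verify"] == "OK" else "unverified"
        hops.append((i, status, info))
    return hops

# Constructed sample headers (hosts, addresses and IDs are made up).
SAMPLE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.com (8.14.4/8.14.4) with ESMTP id abc123
\t(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
\tfor <user@example.com>; Mon, 1 Jan 2024 00:00:00 +0000
Received: from client.example.org (client.example.org [192.0.2.20])
\tby mail.example.org (8.14.4/8.14.4) with ESMTP id def456;
\tMon, 1 Jan 2024 00:00:00 +0000
"""
```

Calling audit(SAMPLE) reports the first hop as encrypted but unverified (verify=NO) and the second as having no TLS clause at all. Only Received: headers added by servers you operate can be relied on, since earlier hops are written by other hosts.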
${verify} is transient. If it is defined in the
configuration file or in the command line, that definition is ignored
by sendmail. Note that a
$& prefix is necessary when you reference this
macro in rules (that is, use $&{verify}, not
${verify}).