| sendmail, 4th Edition

${verify}

Result of cert verification

V8.11 and above

When a connection is made or received and STARTTLS is negotiated, sendmail updates the value of several macros, among which is this ${verify} macro.

This ${verify} macro stores a text word that describes the result of verification of the presented certificate. Those possible text words are shown in Table 21-10.

Table 21-10. Possible values for ${verify}

Word	Description
`FAIL`	A certificate was presented but could not be verified
`NONE`	STARTTLS has not been performed
`NOT`	No certificate was requested
`NO`	No certificate was presented
`OK`	The verification was successful
`PROTOCOL`	A protocol error occurred
`SOFTWARE`	The STARTTLS handshake failed (message will be queued)
`TEMP`	There was a temporary error

The ${verify} macro is used in the standard configuration file as part of the definition of the Received : header: If ${tls_version} has a value, the following is included in the Received : header's text:

 (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})

If ${tls_version} lacks a value, the preceding text is not included, meaning a STARTTLS connection was not used.

${verify} is transient. If it is defined in the configuration file or in the command line, that definition is ignored by sendmail . Note that a $& prefix is necessary when you reference this macro in rules (that is, use $&{verify} , not ${verify} ).