Hello,
On Fri, Jul 27, 2001 at 12:33:09PM +0200, Dirk Slaghekke penned:
> tls_hosts = *
> tls_advertise_hosts = *
> tls_log_cipher = true
> tls_log_peerdn = true
> tls_certificate = /usr/local/exim-3.30/cert.pem
> tls_privatekey = /usr/local/exim-3.30/priv.pem
A few checks:
1) I am sure this is apparent but no harm in asking; Did you compile
exim with SSL?
2) I have this in my exim config,
-------
##############################################################
#
# SSL
##############################################################
tls_advertise_hosts = *
tls_verify_hosts = *
tls_certificate=/var/exim/etc/certs/exim.pem
tls_privatekey=/var/exim/etc/certs/exim.pem
-------
3) Permissions on /var/exim/etc - 755
on /var/exim/etc/certs - 755
exim.pem is readable by all.
4) openssl verfiy exim.pem shows:
exim.pem: /C=CA/ST=British
Columbia/L=Vancouver/O=Open-Systems.org/OU=Mail
Server/CN=mail.open-systems.org/Email=root@???
error 18 at 0 depth lookup:self signed certificate
OK
5) A sample telnet sessions shows below:
[kevin@satan etc/certs] 513 $telnet satan 25
Trying 192.168.33.1...
Connected to satan.
Escape character is '^]'.
220-mail.open-systems.org ESMTP Exim 3.31 #4 Fri, 27 Jul 2001 14:13:39
220-
220 All Connections are Logged and Monitored
starttls
220 OpenSSL/0.9.6beta go ahead
6) What does your logs say?
> How can I force the server to offer TLS support?
7) If all above are correct, but is your MUA configured properly to
send encrypted mail?
-Kevin
--
There's no real need to do housework -- after four years it doesn't get
any worse.
