Re: [Exim] TLS exim to exim ?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Kevin Sindhu
Date:  
À: Dirk Slaghekke
CC: exim-users
Sujet: Re: [Exim] TLS exim to exim ?
Hello,

On Fri, Jul 27, 2001 at 12:33:09PM +0200, Dirk Slaghekke penned:

> tls_hosts = *
> tls_advertise_hosts = *
> tls_log_cipher = true
> tls_log_peerdn = true
> tls_certificate = /usr/local/exim-3.30/cert.pem
> tls_privatekey = /usr/local/exim-3.30/priv.pem


A few checks:

1) I am sure this is apparent but no harm in asking; Did you compile
exim with SSL?

2) I have this in my exim config,

-------
##############################################################
#
# SSL
##############################################################

tls_advertise_hosts = *
tls_verify_hosts = *
tls_certificate=/var/exim/etc/certs/exim.pem
tls_privatekey=/var/exim/etc/certs/exim.pem
-------

3) Permissions on /var/exim/etc     - 755
            on /var/exim/etc/certs  - 755
            exim.pem is readable by all.


4) openssl verfiy exim.pem shows:

exim.pem: /C=CA/ST=British
Columbia/L=Vancouver/O=Open-Systems.org/OU=Mail
Server/CN=mail.open-systems.org/Email=root@???
error 18 at 0 depth lookup:self signed certificate
OK

5) A sample telnet sessions shows below:

[kevin@satan etc/certs] 513 $telnet satan 25
Trying 192.168.33.1...
Connected to satan.
Escape character is '^]'.
220-mail.open-systems.org ESMTP Exim 3.31 #4 Fri, 27 Jul 2001 14:13:39
220-
220 All Connections are Logged and Monitored
starttls
220 OpenSSL/0.9.6beta go ahead

6) What does your logs say?

> How can I force the server to offer TLS support?


7) If all above are correct, but is your MUA configured properly to
send encrypted mail?

-Kevin

--
There's no real need to do housework -- after four years it doesn't get
any worse.