Re: [Exim] Q: TLS not for all servers?

Author: Richard Welty
Date:  
To: exim-users
Subject: Re: [Exim] Q: TLS not for all servers?
On Thu, 23 Aug 2001 12:29:06 +0200 (CEST), Dirk wrote:

>
>TLS works fine..... for _nearly_ all servers, in and out.
>
>But connections to one mailserver (sun) don't work
>(
>error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
>)
>
>How can I prevent exim from trying to _deliver_ via TLS to some specific
>hosts?


Philip would probably say RTFM, and he'd be right.

However, in your remote smtp transport, use hosts_avoid_tls:

remote_smtp:
  driver = smtp
  tls_certificate = /etc/exim/exim-rsa
  tls_privatekey = /etc/exim/exim-rsa
  hosts_avoid_tls = us.army.mil:mail.speakeasy.org:mail.telemovil.net

It seems to be the case that some admins will install TLS, but not
bother with the certificates. I've seen one case of the previously
described situation where TLS is offered by the server, exim accepts,
and then the server hangs, but I've seen several where the server
offers TLS, exim accepts, and then the server errors because the certs
weren't set up (I'm not sure which MTA is doing this, because you'd
think it should be coded not to offer TLS if the certs aren't there,
but I'm probably just being fussy.)

richard
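
Added example, not part of the original message and not Exim's own code: a small Python helper that counts repeated TLS handshake failures per remote host in a log and builds the colon-separated hosts_avoid_tls line from them. Mail to every listed host goes out without TLS, so only hosts that fail repeatedly are included. The log lines, their layout, the example.* host names and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample log lines (not from the original post). The layout is a
# simplified assumption, not a guaranteed copy of Exim's log format.
SAMPLE_LOG = """\
2001-08-23 12:29:06 TLS error on connection to sun.example.net [192.0.2.10] (SSL_connect): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
2001-08-23 12:41:17 TLS error on connection to sun.example.net [192.0.2.10] (SSL_connect): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
2001-08-23 12:50:02 TLS error on connection to mx.example.org [192.0.2.25] (SSL_connect): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
2001-08-23 13:05:44 TLS error on connection to sun.example.net [192.0.2.10] (SSL_connect): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
2001-08-23 13:06:10 delivery to mail.example.com [192.0.2.40] completed
"""

# The host name is restricted to DNS characters, so a matched value can never
# contain ':' (the list separator) or whitespace that would corrupt the option.
TLS_FAIL = re.compile(
    r"TLS error on connection to (?P<host>[A-Za-z0-9.-]+) \[[^\]]+\]"
    r".*handshake failure"
)


def failing_hosts(log_text, min_failures=3):
    """Return hosts with at least min_failures TLS handshake failures."""
    counts = Counter()
    for line in log_text.splitlines():
        match = TLS_FAIL.search(line)
        if match:
            counts[match.group("host").lower()] += 1
    # A single failure can be transient; require repeats before giving up TLS.
    return sorted(h for h, n in counts.items() if n >= min_failures)


def avoid_tls_line(hosts, existing=()):
    """Merge new hosts into an existing list and format the transport option."""
    merged = sorted(set(existing) | set(hosts))
    return "hosts_avoid_tls = " + ":".join(merged)


if __name__ == "__main__":
    # Print the option line for review before it goes into the transport.
    print(avoid_tls_line(failing_hosts(SAMPLE_LOG)))
```
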