[Exim] TLS Problem

Author: Peter Mathiasson
Date:  
To: exim-users
Subject: [Exim] TLS Problem
--
Hello

I have a problem with the TLS support in Exim.
I've set up my exim server as follows:

tls_advertise_hosts = *
tls_certificate = /etc/exim/cert.server
tls_privatekey = /etc/exim/cert.server
tls_verify_hosts = *
tls_verify_certificates = /etc/exim/certs.d/
tls_host_accept_relay = *
tls_log_cipher = true
tls_log_peerdn = true

If I've understood the documentation right this should allow any host to
try to start a TLS session but only allow it for those who can provide
a certificate found in /etc/exim/certs.d named <hash>.0.

If I try to send an email to this host using another machine, this time
with exim as a client, the message does not get sent unless the client
certificate is located in /etc/exim/certs.d on the server, that is, it works
as promised if the certificate is available.

If the TLS session fails my exim client refuses to send the mail
unencrypted even though I have not specified the server host in the
host_require_tls option.

Anyone got any idea? Have I missed some configuration option?

$ exim -bV
Exim version 3.33 #1 built 21-Sep-2001 15:36:33
Copyright (c) University of Cambridge 2001

--
Peter Mathiasson                 | GPG Fingerprint:
E-Mail: peter@???      |  A9A7 F8F6 9821 F415 B066
Web   : http://www.mathiasson.nu |  77F1 7FF5 C2E6 7BF2 F228
--