Hello
I have a problem with the TLS support in Exim.
I've set up my exim server as follows:

    tls_advertise_hosts = *
    tls_certificate = /etc/exim/cert.server
    tls_privatekey = /etc/exim/cert.server
    tls_verify_hosts = *
    tls_verify_certificates = /etc/exim/certs.d/
    tls_host_accept_relay = *
    tls_log_cipher = true
    tls_log_peerdn = true

If I've understood the documentation right, this should allow any host to
try to start a TLS session but only allow it for those who can provide
a certificate found in /etc/exim/certs.d named <hash>.0.

If I try to send an email to this host using another machine, this time
with exim as a client, the message does not get sent unless the client
certificate is located in /etc/exim/certs.d on the server; that is, it works
as promised if the certificate is available.

If the TLS session fails, my exim client refuses to send the mail
unencrypted even though I have not specified the server host in the
host_require_tls option.

Does anyone have any idea? Have I missed some configuration option?

$ exim -bV
Exim version 3.33 #1 built 21-Sep-2001 15:36:33
Copyright (c) University of Cambridge 2001
--
Peter Mathiasson | GPG Fingerprint:
E-Mail: peter@??? | A9A7 F8F6 9821 F415 B066
Web : http://www.mathiasson.nu | 77F1 7FF5 C2E6 7BF2 F228
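
Added example (not part of the original post and not Exim's own code): the <hash>.0 naming mentioned above is OpenSSL's hashed-directory lookup convention. Assuming an Exim built against OpenSSL and an installed openssl command-line tool, this script installs a certificate under its subject hash, handles hash collisions, and checks whether a certificate is found in the directory. The function names and the throwaway test certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, test certs are constructed.

# Copy CERT into CERTDIR as <subject-hash>.<n> and print that file name.
# n is the first free slot (0, 1, ...); if the same certificate is already
# installed under that hash, its existing name is printed instead.
install_cert() {   # usage: install_cert CERT.pem CERTDIR
    cert=$1 dir=$2
    hash=$(openssl x509 -noout -hash -in "$cert") || return 1
    fp=$(openssl x509 -noout -fingerprint -sha256 -in "$cert") || return 1
    n=0
    while [ -e "$dir/$hash.$n" ]; do
        if [ "$(openssl x509 -noout -fingerprint -sha256 -in "$dir/$hash.$n")" = "$fp" ]; then
            echo "$hash.$n"; return 0
        fi
        n=$((n + 1))   # same subject hash, different certificate
    done
    cp "$cert" "$dir/$hash.$n" && echo "$hash.$n"
}

# Exit status 0 if openssl can find a trust anchor for CERT by hash lookup
# in CERTDIR (openssl may also consult its default CA file, if one exists).
cert_is_trusted() {   # usage: cert_is_trusted CERT.pem CERTDIR
    openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}

# Constructed throwaway self-signed certificate, valid for one day.
make_test_cert() {   # usage: make_test_cert CN OUT_PREFIX
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2.pem" >/dev/null 2>&1
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/certs.d"
    make_test_cert known.example "$work/known"
    make_test_cert unknown.example "$work/unknown"
    install_cert "$work/known.pem" "$work/certs.d"
    cert_is_trusted "$work/known.pem" "$work/certs.d" && echo "known: accepted"
    cert_is_trusted "$work/unknown.pem" "$work/certs.d" || echo "unknown: rejected"
    rm -rf "$work"
}
demo
```

The subject hash algorithm changed in OpenSSL 1.0.0, so the hash has to be computed with the same OpenSSL generation that the server is linked against.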