Autor: Jakob Hirsch Data: A: user therion CC: Exim Users Assumpte: Re: [exim] help on TLS for ext. connection
user therion wrote:
> "normal" and clients from outside must authenticate
> first and then connects via tls: ...or is there a wrong thought?
vice versa, first TLS, then AUTH.
> tls_advertise_hosts = *
> tls_verify_hosts = ! relay_from_hosts
> tls_verify_certificates = /etc/exim/certs/cacert.pem
I'm pretty sure you don't want to use client certificates, so you should
remove the tls_verify_* lines. "! relay_from_hosts" is wrong, anyway.
If you want to prevent your local clients (the ones in relay_from_hosts)
from using TLS, use "tls_advertise_hosts = ! +relay_from_hosts", but that
makes not much sense.
> Which role does the relay_from_hosts play to allow
> such a connection from outside??
None at all. The hosts listed there are allowed to relay without
authentication.
> MUST it be defined as relay_from_hosts = * ???
