Re: [exim] help on TLS for ext. connection

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Jakob Hirsch
Dátum:  
Címzett: user therion
CC: Exim Users
Tárgy: Re: [exim] help on TLS for ext. connection
user therion wrote:

> "normal" and clients from outside must authenticate
> first and then connects via tls: ...or is there a wrong thought?


vice versa, first TLS, then AUTH.

> tls_advertise_hosts = *
> tls_verify_hosts = ! relay_from_hosts
> tls_verify_certificates = /etc/exim/certs/cacert.pem


I'm pretty sure you don't want to use client certificates, so you should
remove the tls_verify_* lines. "! relay_from_hosts" is wrong, anyway.

If you want to prevent your local clients (the ones in relay_from_hosts)
from using TLS, use "tls_advertise_hosts = ! +relay_from_hosts", but that
makes not much sense.

> Which role does the relay_from_hosts play to allow
> such a connection from outside??


None at all. The hosts listed there are allowed to relay without
authentication.

> MUST it be defined as relay_from_hosts = * ???


Never ever do that!