Author: Jakob Hirsch Date: To: user therion CC: Exim Users Subject: Re: [exim] help on TLS for ext. connection
user therion wrote:
> "normal" and clients from outside must authenticate
> first and then connect via tls: ...or is there a wrong thought?
Vice versa: first TLS, then AUTH.
> tls_advertise_hosts = *
> tls_verify_hosts = ! relay_from_hosts
> tls_verify_certificates = /etc/exim/certs/cacert.pem
I'm pretty sure you don't want to use client certificates, so you should
remove the tls_verify_* lines. "! relay_from_hosts" is wrong, anyway.
If you want to prevent your local clients (the ones in relay_from_hosts)
from using TLS, use "tls_advertise_hosts = ! +relay_from_hosts", but that
doesn't make much sense.
> Which role does the relay_from_hosts play to allow
> such a connection from outside??
None at all. The hosts listed there are allowed to relay without
authentication.
> MUST it be defined as relay_from_hosts = * ???
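
The ordering described in the reply above (STARTTLS first, then AUTH, with relay_from_hosts only exempting the listed hosts from authentication), as an added example configuration that is not part of the original message. The certificate paths and the network range are placeholders, and a working authenticator is assumed to exist in the authenticators section.

```exim
# Constructed example fragment; paths and addresses are placeholders.
# Exim only treats "#" as a comment at the start of a line, so every
# comment here sits on its own line.

# ---- main configuration section ----

# Hosts that may relay without authenticating (placeholder LAN range).
# A named list is referenced elsewhere as "+relay_from_hosts".
hostlist relay_from_hosts = 127.0.0.1 : 192.0.2.0/24

# Offer STARTTLS to every client, local or outside.
tls_advertise_hosts = *
tls_certificate = /etc/exim/certs/server-cert.pem
tls_privatekey = /etc/exim/certs/server-key.pem

# The tls_verify_* options ask the *client* to present a certificate.
# Clients that log in with a password do not need one, so the lines
# from the quoted configuration are left out:
#   tls_verify_hosts = ! relay_from_hosts
#   tls_verify_certificates = /etc/exim/certs/cacert.pem

# Advertise AUTH only when the session is already encrypted
# ($tls_cipher is empty on a clear-text connection), so credentials
# are never sent before STARTTLS: first TLS, then AUTH.
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

# ---- inside the ACL named by acl_smtp_rcpt ----

  # Listed hosts may relay without authentication.
  accept  hosts         = +relay_from_hosts

  # Everyone else may relay only after a successful AUTH,
  # which, given the setting above, can only happen over TLS.
  accept  authenticated = *

  # The remaining statements of the ACL (checks for mail addressed
  # to local domains, final deny) follow here unchanged.
```

With this layout relay_from_hosts stays a short list of trusted addresses; outside clients are admitted by the `authenticated` condition, not by widening that list.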