Re: [exim] Exim Retaining Non-Existant SSL Certificates

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: W B Hacker
Fecha:  
A: exim users
Asunto: Re: [exim] Exim Retaining Non-Existant SSL Certificates
W B Hacker wrote:
> Graham Christensen wrote:
>> Alright, I just ran the command to ssl'ize the connection, and the
>> certificate being used is the incorrect one, with the old information
>> (also expired at this point.) I'm not sure on how exactly to debug this,
>> seeing as the SSL certificate *is* correct.
>>
>> Graham
>
> Tell us again what you have here:
>
> tls_certificate = /path/to/cert/certname.pem
>
> Go and see what is actually there.
>
> Check its MD5 against the 'correct' cert you've mentioned.
>
> If no match - smoking gun.
>
> If match, check the *actual* characteristics of that cert (a browser can
> do that as a 'no brainer' w/r [remembering | NOT] how to ask OpenSSL to
> display it if you cp it to someplace the browser can view it).
>
> Bill
>
>
> *snip*
>
>


And BTW, also what you have here:

local_interfaces = <one or more IP>

daemon_smtp_ports = 25 : 587

tls_advertise_hosts = *

tls_remember_esmtp = yes

auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}


AND if you are connecting on port 587 with an MUA, port 25 with another
MTA, are sitting in a shell account on-box (possible invoking a
vestigial 'sendmail' instead of Exim, or

... what ? Besides '`exim -bP tls_certificate` - which you say is OK.

Bill