Re: [exim] verifying certificate information

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MMartin A. Brooks at <-
MMartin A. Brooks at ->
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Martin A. Brooks
CC: Exim Users
Subject: Re: [exim] verifying certificate information
On 2008-06-15 at 10:49 +0100, Martin A. Brooks wrote:
> It does leave me with another question though. I have one machine that
> uses a self-generated certificate and in the log file of remote servers,
> I see entries like this when it sends email:
>
> 2008-06-15 10:41:16 1K7ojY-0000Ac-B1 => martin@???
> R=hubbed_hosts_postgres T=remote_smtp H=fish.clues.ltd.uk [80.68.93.86]
> X=TLS1.0:RSA_AES_256_CBC_SHA1:32 DN="C=GB,ST=London,L=London,O=Clues
> Ltd,CN=fish.clues.ltd.uk,EMAIL=hostmaster@???"
>
> Note the certificate information in the DN="" part of the log file.
> When I send email via the host that is using a "real" certificate, that
> value is blank In the logging options +tls_peerdn is set in both
> machines. Is there another option somewhere I've missed for this?

I suspect that, ironically enough, on the host with the certificate
issued by a well-established CA, you have hosts_avoid_tls set on the
relevant SMTP Transport.

-Phil

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Limit concurrent deliveriesRe: [exim] verifying certificate information->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)