Autor: Phil Pennock Data: Dla: Martin A. Brooks CC: Exim Users Temat: Re: [exim] verifying certificate information
On 2008-06-15 at 10:49 +0100, Martin A. Brooks wrote: > It does leave me with another question though. I have one machine that
> uses a self-generated certificate and in the log file of remote servers,
> I see entries like this when it sends email:
>
> 2008-06-15 10:41:16 1K7ojY-0000Ac-B1 => martin@???
> R=hubbed_hosts_postgres T=remote_smtp H=fish.clues.ltd.uk [80.68.93.86]
> X=TLS1.0:RSA_AES_256_CBC_SHA1:32 DN="C=GB,ST=London,L=London,O=Clues
> Ltd,CN=fish.clues.ltd.uk,EMAIL=hostmaster@???"
>
> Note the certificate information in the DN="" part of the log file.
> When I send email via the host that is using a "real" certificate, that
> value is blank In the logging options +tls_peerdn is set in both
> machines. Is there another option somewhere I've missed for this?
I suspect that, ironically enough, on the host with the certificate
issued by a well-established CA, you have hosts_avoid_tls set on the
relevant SMTP Transport.