Re: [exim] verifying certificate information

Author: Martin A. Brooks
Date:  
To: exim-users
Subject: Re: [exim] verifying certificate information
Phil Pennock wrote:
> Re-reading your mail, I think that "it" in "when it sends mail" is
> perhaps unclear; so, this is the log-files of remote servers, when
> sending mail to the machine with the self-signed cert, reports the DN,
> but when sending mail to the machine with the externally-issued cert,
> this isn't reported?
>


Given servers A and B, A has a real cert, B has a self-signed. Mail
sent via host B to A results in the self-signed cert's details being
displayed in the logs on A. Mail sent via server A to B in the same
manner gives nothing in server B's logs.

> What's the value of tls_advertise_hosts on the new box?


Both servers have "*".

> Did you get
> fancy and enable it for submission service and not for port 25? Eg, my
> default setting boils down to:
> tls_advertise_hosts = ${if =={$received_port}{587}{*}{}}
>


Nope, just port 25.

> You're looking on identical hosts, both have +tls_peerdn in the
> log_selector?
>


Yes.

> Which library is used on the remote machines? Has that changed
> recently?
>


They both have openssl installed, so I would guess that.

-- 
 Martin A. Brooks |  http://www.antibodymx.net/ | Anti-spam & anti-virus
    Consultant    |  martin@???      | filtering. Inoculate
  antibodymx.net  |  m: +447792493388           | your mail system.