M G Berberich <berberic@???> (Fr 25 Jul 2008 22:27:40 CEST):
> Hello,
>
> I want to send mails to a smarthost encrypted. My attempts to do it
> over smtps failed, I suppose this can't be done with exim4.
>
> So I tried to force TLS. I already have added a “hosts_require_tls” to
> the “remote_smtp_smarthost” transport to prevent unencrypted delivery.
>
> I tried adding “tls_certificate = …/bla.crt” to make exim check the
> server-certificate against bla.crt, but this gives me:
The "tls_certificate" option is not for checking, it's for telling exim
which certificate it should use as client talking to the remote server.
>
> TLS error on connection to smarthost [ip] (cert/key setup:
> cert=…/bla.crt key=…/bla.crt): Base64 unexpected header error.
Something like this should do the trick:

    TLS_CRT = /etc/ssl/certs/ssl.schlittermann.de.crt
    TLS_KEY = /etc/ssl/private/ssl.schlittermann.de.key
    TLS_CA = /etc/ssl/certs/ca-certificates.crt

    smtp_tls:
      driver = smtp
      hosts_require_tls = *
      tls_certificate = TLS_CRT
      tls_privatekey = TLS_KEY
      tls_verify_certificates = TLS_CA

I'm just not sure if this setup already checks the certificate's CN
against the host connected to. But I'd guess this information could be
found in the spec file.
Best regards from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann HS12-RIPE -----------------------------------------
gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -
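
Added example (not part of the original message and not Exim code): a small Python check related to the "Base64 unexpected header error" quoted above, where the log shows the same file as cert= and key=. It lists the PEM block types in the files intended for tls_certificate and tls_privatekey and flags a pair that holds no private key; the function names and the sample PEM text are constructed for illustration.

```python
import re

# Matches the BEGIN line of any PEM block and captures its label.
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

# Constructed sample files: placeholder bodies, not real key material.
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
KEY_ONLY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"


def pem_labels(text):
    """Return the labels of all PEM blocks found in text, in file order."""
    return PEM_BEGIN.findall(text)


def check_client_tls_files(cert_text, key_text=None):
    """Return a list of problems with a client certificate/key file pair.

    key_text=None models the situation in the quoted log line, where the
    certificate file is also used as the key file (cert= and key= are equal).
    """
    if key_text is None:
        key_text = cert_text
    problems = []
    if "CERTIFICATE" not in pem_labels(cert_text):
        problems.append("certificate file has no CERTIFICATE block")
    key_labels = pem_labels(key_text)
    # Covers "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", ...
    if not any(label.endswith("PRIVATE KEY") for label in key_labels):
        found = ", ".join(key_labels) or "nothing"
        problems.append("key file has no PRIVATE KEY block (found: %s)" % found)
    return problems


if __name__ == "__main__":
    # A certificate-only file used for both roles, as in the quoted error.
    for problem in check_client_tls_files(CERT_ONLY):
        print("problem:", problem)
    # Separate certificate and key files, as in the transport shown above.
    print("separate files:", check_client_tls_files(CERT_ONLY, KEY_ONLY) or "ok")
```
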