I am trying to force my users to use TLS when sending out any emails.
They must authenticate against my MySQL tables also. I think I have the
authentication stuff down, but I am having issues with the TLS part of
it. I created a .crt and .key file with the following command:
openssl req -x509 -newkey rsa:1024 -keyout mycert.key -out mycert.crt -days 365 -nodes
I then put the .key/.crt file in my /etc/exim4 directory and made sure
that they were both owned by root, but readable by the user used to run
the exim4 process.
In my .conf file for exim here is what I have for the tls options:
tls_advertise_hosts = *
tls_certificate = /etc/exim4/mycert.crt
tls_privatekey = /etc/exim4/mycert.key
tls_verifycertificates = /etc/exim4/mycert.crt
tls_verify_hosts = *
tls_try_verify_hosts = *
In my acl_check_rcpt I have the following:
require
  message = relay not permitted
  domains = +local_domains : +relay_to_domains
I am not sure what else I should give in order to make this be complete.
When I telnet into the port and then issue an ehlo example.com command I
get the following:
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP
When I try to send an email from Thunderbird using one of the domains I
am hosting I get the following error:
Sending of message failed.
The message could not be sent because connection to SMTP server
mail.example.com failed. The server may be unavailable or is refusing
SMTP connections. Please verify that your SMTP server setting is correct
and try again, or else contact your network administrator.
Lastly, the error that is recorded in the logs is as follows:
TLS error on connection from ([xxx.xxx.x.xxx]) [xxx.xxx.x.xxx] (gnutls_handshake): A TLS warning alert has been received.
Sorry for the long email, but I wanted to try and get as much
information as I currently have to the list. Any help is appreciated and
if there is anything else that I can provide, please just ask.
Thanks,
-Eric
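
For readers checking a similar setup, here is an added example (not part of the original post, and not Exim's own tooling) that parses the TLS options quoted above and reports what the verification settings ask of connecting clients. The option semantics follow the Exim 4 specification; the function names and the short list of known option names are assumptions made for this sketch.

```python
import re

# The TLS options as quoted in the post above.
POSTED = """\
tls_advertise_hosts = *
tls_certificate = /etc/exim4/mycert.crt
tls_privatekey = /etc/exim4/mycert.key
tls_verifycertificates = /etc/exim4/mycert.crt
tls_verify_hosts = *
tls_try_verify_hosts = *
"""

# Main-configuration TLS option names used here, as spelled in the Exim 4 spec.
# Deliberately a subset: only the options this post touches.
KNOWN = {"tls_advertise_hosts", "tls_certificate", "tls_privatekey",
         "tls_verify_certificates", "tls_verify_hosts", "tls_try_verify_hosts"}

def parse_options(text):
    """Return {name: value} for 'name = value' lines.

    Blank lines and '#' comments do not match the pattern and are skipped.
    """
    opts = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$", line)
        if m:
            opts[m.group(1)] = m.group(2)
    return opts

def review_tls(opts):
    """Return (option, finding) pairs for TLS settings worth a second look."""
    findings = []
    for name in opts:
        if name.startswith("tls_") and name not in KNOWN:
            findings.append((name, "name not recognised here; check the spelling"))
    strict = opts.get("tls_verify_hosts", "")
    if strict == "*":
        # A host matching tls_verify_hosts must supply a verifiable client certificate.
        findings.append(("tls_verify_hosts",
                         "every client must present a certificate that verifies"))
    if strict and opts.get("tls_try_verify_hosts"):
        # tls_try_verify_hosts only applies to hosts the strict list did not match.
        findings.append(("tls_try_verify_hosts",
                         "hosts also matched by tls_verify_hosts get the strict rule"))
    return findings

if __name__ == "__main__":
    for option, finding in review_tls(parse_options(POSTED)):
        print(f"{option}: {finding}")
```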