[exim] tls_verify_certificates error when connecting from MS…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Miki Nakano
Date:  
À: exim-users
Sujet: [exim] tls_verify_certificates error when connecting from MS Outlook 2007
I have been trying to require certificate verification via setting
tls_verify_certificates and tls_verify_hosts. Server is Exim 4.68 on
Ubuntu 8.04.1. When tls_verify_hosts = * then the following error is
written to mainlog:
TLS error on connection from hostname [xxx.xxx.xxx.xxx]:1471
(gnutls_handshake): A TLS packet with unexpected length was received.
However, When tls_verify_hosts is changed to be the default (i.e., not
set), then Outlook appears to be able to relay the digitally signed
encrypted email ok. The relayed message in the recipient's Maildir/
folder in this case contains the following:
Message-ID: <(bunch of encrypted text)@(domain)>
MIME-Version: 1.0
Content-Type: application/x-pkcs7-mime;
smime-type=enveloped-data;
name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="smime.p7m"
X-Mailer: Microsoft Office Outlook 12.0
Settings in the exim4 config file include the following:

MAIN_TLS_ENABLE = yes
MAIN_TLS_ADVERTISE_HOSTS = (number of hosts including the Outlook client
machine)
daemon_smtp_ports = smtp : 587
tls_certificate = (a certificate file on the server)
tls_privatekey = (a certificate file on the server)
I am using the exim4-heavy package installed via apt-get. Could this
possibly be due to issues with exim4 and gnutls? I've read several cases
via google that it has been buggy. Should I instead download the exim4
source code and build with openssl support instead of gnutls? Would that
solve the problem? Anyone work with verification via TLS certificates and
have any ideas? Thank you kindly in advance.
Thanks