Re: [exim] tls_verify_certificates error when connecting fro…

Author: Renaud Allard
Date:  
To: Miki Nakano
CC: exim-users
Subject: Re: [exim] tls_verify_certificates error when connecting from MS Outlook 2007
On Wed, November 19, 2008 07:05, Miki Nakano wrote:
> I have been trying to require certificate verification via setting
> tls_verify_certificates and tls_verify_hosts. Server is Exim 4.68 on Ubuntu
> 8.04.1. When tls_verify_hosts = * then the following error is
> written to mainlog:
>
> TLS error on connection from hostname [xxx.xxx.xxx.xxx]:1471
> (gnutls_handshake): A TLS packet with unexpected length was received.
>
> However, when tls_verify_hosts is changed to be the default (i.e., not
> set), then Outlook appears to be able to relay the digitally signed
> encrypted email ok. The relayed message in the recipient's Maildir/ folder
> in this case contains the following:
>
> Message-ID: <(bunch of encrypted text)@(domain)>
> MIME-Version: 1.0
> Content-Type: application/x-pkcs7-mime;
>     smime-type=enveloped-data; name="smime.p7m"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
>     filename="smime.p7m"
> X-Mailer: Microsoft Office Outlook 12.0


I am not sure of what you are trying to do. If you want to allow Outlook
to send encrypted/signed mails, you certainly don't need tls_verify_hosts.
tls_verify_hosts is only used to verify SSL certificates used in the
communication with the mail server, which is something most MUAs will never
have, unless you configure them in a very special fashion. This parameter
has nothing to do with verifying the certificates used to encrypt or sign
the mail itself.
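
The distinction drawn in the reply above, as an added configuration example that is not part of the original thread: `tls_verify_hosts` makes a client certificate mandatory at the TLS layer, while `tls_try_verify_hosts` only requests one, and neither touches S/MIME content inside the message. The file paths and the address 192.0.2.10 are placeholders assumed for illustration.

```exim
# --- main configuration section (constructed example, placeholder paths) ---

# Offer STARTTLS to every connecting host
tls_advertise_hosts = *
tls_certificate = /etc/exim4/exim.crt
tls_privatekey  = /etc/exim4/exim.key

# CA certificates used to verify certificates presented by TLS clients.
# This is transport-level only; it is never applied to the S/MIME
# certificates carried inside an application/x-pkcs7-mime body.
tls_verify_certificates = /etc/exim4/client-ca.pem

# Strict form from the thread: every client must present a certificate
# that verifies, or the TLS session is refused. A mail client with no
# client certificate configured cannot complete the handshake.
#tls_verify_hosts = *

# Narrower form: demand a client certificate only from a known peer
# (placeholder address) ...
tls_verify_hosts = 192.0.2.10

# ... and merely request one from everybody else. The session continues
# if the client sends no certificate or one that does not verify.
tls_try_verify_hosts = *

# --- inside an ACL, for example the one named by acl_smtp_rcpt ---

# Act on the outcome instead of failing the handshake: this statement
# matches only when the session is encrypted and the client certificate
# verified against tls_verify_certificates.
accept  encrypted = *
        verify    = certificate
```

With this layout an Outlook client without a client certificate can still negotiate TLS and submit S/MIME mail, and the `accept` statement simply does not match for it.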