[exim] exim+tls. Redirection issue

Author: Andrew Stepanov
Date:
To: exim-users
Subject: [exim] exim+tls. Redirection issue
Hi there!

I was given a task to make communication between the mail servers of our group
of companies go via TLS (encryption is required, not authentication). Some
servers are MS Exchange with valid (CA-signed) certificates. Our exim has a
self-signed certificate (enough for encryption).
I added these options to the exim config:

tls_advertise_hosts = *
tls_certificate = /etc/ssl/certs/exim.crt
tls_privatekey = /etc/ssl/certs/exim.pem
tls_on_connect_ports = 465

and to smtp transport section:

remote_smtp:
  driver = smtp
  tls_certificate = /etc/ssl/certs/exim.crt
  tls_privatekey = /etc/ssl/certs/exim.pem
  hosts_require_tls = 10.x.x.x:10.y.y.y

where 10.x.x.x and 10.y.y.y are the IPs of the Exchange servers. The Exchange
administrators added my certificate to the corresponding servers as a trusted
certificate. And since that time we've had quite acceptable TLS
communication.
But we're experiencing a very interesting problem. When a user from the first
Exchange server sends a message to an exim user, who in turn has a redirection
to the second Exchange server, the last one doesn't accept the message. The Exim
log shows us:

454 4.7.5 Certificate validation failure

Is there any possibility to make that redirection work right without
turning off TLS?