[exim] exim+tls. Redirection issue

Author: Andrew Stepanov
Date:  
To: exim-users
Subject: [exim] exim+tls. Redirection issue
Hi there!

I was given the task of setting up communication between the mail servers of our group
of companies via TLS (encryption is required, not authentication). Some
servers are MS Exchange with valid (CA-signed) certificates. Our exim has a
self-signed certificate (enough for encryption).
I added these options to the exim config:

tls_advertise_hosts = *
tls_certificate = /etc/ssl/certs/exim.crt
tls_privatekey = /etc/ssl/certs/exim.pem
tls_on_connect_ports = 465

and to smtp transport section:

remote_smtp:
driver = smtp
tls_certificate = /etc/ssl/certs/exim.crt
tls_privatekey = /etc/ssl/certs/exim.pem
hosts_require_tls = 10.x.x.x:10.y.y.y

where 10.x.x.x and 10.y.y.y are the IPs of the Exchange servers. The Exchange
administrators added my certificate to the corresponding servers as a trusted
certificate. Since that time we've had quite acceptable TLS
communication.
But we're experiencing a very interesting problem. When a user from the first
Exchange server sends a message to an exim user who in turn has a redirection
to the second Exchange server, the latter doesn't accept the message. The exim
log shows us:

454 4.7.5 Certificate validation failure

Is there any possibility of making that redirection work correctly without
turning off TLS?