Hi,
I want exim to forward mail only if the MTA on the receiving side
presents a specific server certificate.
After reading the documentation at:
http://www.exim.org/exim-html-current/doc/html/spec_html/ch39.html I
found this:
"If the tls_verify_certificates option is set on the smtp transport, it
must name a file or, for OpenSSL only (not GnuTLS), a directory, that
contains a collection of expected server certificates. The client
verifies the server’s certificate against this collection, taking into
account any revoked certificates that are in the list defined by tls_crl."
I tried this, but somehow I can't get it to work.
exim -d shows:
SMTP>> STARTTLS
waiting for data on socket
read response data: size=18
SMTP<< 220 TLS go ahead
initializing GnuTLS as a client
read D-H parameters from file
initialized D-H parameters
no TLS client certificate is specified
verify certificates = /etc/exim4/certs/krausam.de.crt size=4103
initialized certificate stuff
initialized GnuTLS session
TLS certificate verification failed (invalid):
peerdn=C=DE,ST=Bavaria,L=Nuernberg,O=--,CN=mail.krausam.de,EMAIL=micha@???
LOG: MAIN
TLS error on connection to mail.krausam.de [213.95.21.220]: certificate
verification failed (invalid)
ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1 first_address is
not NULL
Micha Krause
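An added illustration, not part of Micha's message and not Exim's or GnuTLS's own tooling: the documentation quoted above describes tls_verify_certificates as a collection of expected server certificates, and the debug trace ends in "certificate verification failed (invalid)". Whether a certificate file satisfies path validation depends on what it contains. A self-signed server certificate validates against a file holding just that certificate, because it is its own root. A CA-issued server certificate does not validate against a file holding only its own leaf certificate (OpenSSL's verify, without -partial_chain, insists on reaching a self-signed trust anchor); the issuing CA certificate has to be in the collection. The script below builds both cases with openssl in a temporary directory. The names used (Example Test CA, mail.example.test, $WORKDIR) are assumptions chosen for the example; nothing here connects to any host or changes an Exim configuration.

```shell
#!/bin/sh
# Added example (not from the original post or from Exim): build a throwaway
# CA and server certificates with openssl, then check which files work as the
# trusted collection for path validation. All material is constructed locally.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"   # assumed location, overridable

# make_test_certs DIR: create ca.pem (a test CA), server.pem (issued by that
# CA for the assumed name mail.example.test) and self.pem (self-signed for
# the same name).
make_test_certs() {
    dir="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=mail.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    openssl x509 -req -days 30 -sha256 -in "$dir/server.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=mail.example.test" \
        -keyout "$dir/self.key" -out "$dir/self.pem" 2>/dev/null
}

# verify_against CERT TRUSTFILE: validate CERT using TRUSTFILE as the entire
# trusted collection, the way a client would with a fixed certificate file.
# Prints OK or FAIL and returns 0 or 1.
verify_against() {
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo "OK   $(basename "$1") against $(basename "$2")"
        return 0
    else
        echo "FAIL $(basename "$1") against $(basename "$2")"
        return 1
    fi
}

make_test_certs "$WORKDIR"

# CA-issued leaf, trust file holds the issuing CA: validates.
verify_against "$WORKDIR/server.pem" "$WORKDIR/ca.pem" || :
# CA-issued leaf, trust file holds only the leaf itself: no chain to a root.
verify_against "$WORKDIR/server.pem" "$WORKDIR/server.pem" || :
# Self-signed leaf, trust file holds that same certificate: validates.
verify_against "$WORKDIR/self.pem" "$WORKDIR/self.pem" || :
```

The same check can be run against a live MTA with `openssl s_client -starttls smtp -connect host:25 -CAfile file` and reading its "Verify return code" line, which shows whether the presented chain validates against the file before Exim is involved. The Exim side is the transport option quoted in the post; as that documentation says, with GnuTLS tls_verify_certificates must name a file, not a directory.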