Re: [exim] Ignoring SSL-Errors on self signed certificates

Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] Ignoring SSL-Errors on self signed certificates
On Thu, Apr 14, 2016 at 09:58:40AM +0100, Jeremy Harris wrote:

> On 14/04/16 07:14, Luca Bertoncello wrote:
> > I have a Server with Exim on my Server and another Server with Exim
> > (4.87) that sends E-Mail using the first server as Relay.
>
> > this warning:
> >
> > SSL verify error: depth=0 error=self signed certificate
>
> Not quite clear on which server you're logging this,
>
> Have a look at the smtp-transport and
> main-section config options tls_verify_hosts and
> tls_try_verify_hosts; write a hostlist that excludes
> your other server.


In future versions of Exim it might be reasonable to not log detailed
chain verification errors when doing unauthenticated opportunistic
TLS, i.e., when it is OK to send in the clear or transmission
proceeds regardless of verification errors.

FWIW, in Postfix the only detail that's logged in such cases is a
one-word TLS verification status along with the protocol version
and cipher.

    * Anonymous - server used a certificateless ADH or AECDH cipher
                  suite.
    * Untrusted - server presented a certificate which did not chain
                  up to a configured trust-anchor.
    * Trusted   - server presented a certificate which did chain up
                  to a configured trust-anchor.
    * Verified  - verification was required and the server chain was
                  trusted and matched name or fingerprint checks.
                  Detailed errors performing verification are logged
                  only when verification is required.


-- 
    Viktor.
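A concrete form of the smtp-transport settings Jeremy points at, as an added example that is not from the thread or from the Exim project. It is written for the sending-side Exim 4.87; the hostname, the hostlist name and the certificate path are assumed placeholders, and it assumes the relay's self-signed certificate can be copied over out of band.

```exim
# Added example, not from the original thread. Assumed names:
# relay.example.com, +relay_hosts, /etc/exim/relay-cert.pem

# ---- main section ----
hostlist relay_hosts = relay.example.com

# ---- transports ----
begin transports

remote_smtp:
  driver = smtp

  # Option A (what Jeremy suggests): leave opportunistic try-verify
  # on for everyone else (the 4.87 default is "*"), but skip the
  # verification attempt for the relay, so no "SSL verify error"
  # line is written for it. TLS is still used; it is simply not
  # verified, so a substituted certificate would not be noticed.
  tls_try_verify_hosts = ! +relay_hosts : *

  # Option B (stronger): treat the relay's own self-signed certificate
  # as the trust anchor for that host, and make verification plus a
  # hostname match mandatory. A different certificate then causes the
  # delivery to be deferred instead of merely logged.
  # Copy the PEM from the relay's tls_certificate file, not from the
  # wire, so the pin is not taken from whatever answered on port 25.
  hosts_require_tls       = +relay_hosts
  tls_verify_certificates = /etc/exim/relay-cert.pem
  tls_verify_hosts        = +relay_hosts
  tls_verify_cert_hostnames = +relay_hosts
```

Use one option or the other for the relay: with Option B in place the relay is in tls_verify_hosts, so the Option A exclusion from tls_try_verify_hosts is no longer what decides its behaviour.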