Hi,
1st: please send your questions to exim-users@??? (not to the
*-owner address).
Nospam2k <nospam2k@???> (Wed 16 Oct 2019 01:58:42 CEST):
> After many hours of troubleshooting, I cannot figure out how to correctly set up tls_certificate for multiple domains. I'm using CentOS 7.7 and Exim 4.92. I have only one exim.conf file. I have in the main body:
>
> tls_certificate = /etc/exim/private/certs/${lc:${domain:$h_from:}}/cert.pem
> tls_privatekey = /etc/exim/private/certs/${lc:${domain:$h_from:}}/privkey.pem
Didn't we answer this already? The $h_from: isn't available during TLS
session setup.
> begin transports
>
> remote_smtp:
> tls_certificate = /etc/exim/private/certs/${lc:${domain:$h_from:}}/cert.pem
> tls_privatekey = /etc/exim/private/certs/${lc:${domain:$h_from:}}/privkey.pem
The TLS settings in the transports section are for outgoing connections.
The above settings would choose a certificate based on the recipient's
domain for an outgoing mail; I suppose that's not what you want.
Use in the main section:
# SNI name sent by the client (lowercased) if there is one, else the default
TLS_DOMAIN = ${if def:tls_in_sni {${lc:$tls_in_sni}}{example.com}}
tls_certificate = /etc/exim/private/certs/TLS_DOMAIN/cert.pem
tls_privatekey = /etc/exim/private/certs/TLS_DOMAIN/privkey.pem
You need a "fallback", as there is a fair chance that the client
doesn't send you a TLS SNI.
Best regards from Dresden/Germany
Kind regards from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
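The selection logic the reply proposes, as an added example that is not part of the original post and not Exim code: it models the expansion `${if def:tls_in_sni {${lc:$tls_in_sni}}{example.com}}` in Python so that the fallback for clients that send no SNI can be exercised offline. It also adds a check the post does not mention: the SNI string is attacker-chosen and ends up as a path component, so it is validated as a plain hostname (and must match an existing certificate directory) before it is allowed to pick a file. The certificate tree, the domain names and the SNI values are constructed here for illustration.

```python
"""Model of SNI-based certificate selection with a safe fallback.

Added illustration, not Exim's own code. It mirrors the Exim expansion
    ${if def:tls_in_sni {${lc:$tls_in_sni}}{example.com}}
and adds hostname validation, since $tls_in_sni is client-controlled
and is being interpolated into a filesystem path.
"""
import os
import re
import tempfile

# One DNS label: letters, digits and hyphens, no leading/trailing hyphen,
# at most 63 characters. Anything else ('/', '..', empty labels) is rejected.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def sni_to_domain(sni, fallback="example.com"):
    """Mirror of the Exim macro: lowercased SNI if the client sent one,
    otherwise the fallback domain (def:tls_in_sni is false for ''/None)."""
    if not sni:
        return fallback
    return sni.lower()


def is_safe_hostname(name):
    """True only for a plain dotted hostname; never '.', '..', '/' or ''."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def select_cert_paths(sni, cert_root, fallback="example.com"):
    """Return (cert.pem, privkey.pem) paths for a connection.

    Falls back to the default domain when the SNI is absent, malformed,
    or names a domain for which no certificate directory exists.
    """
    domain = sni_to_domain(sni, fallback)
    # is_safe_hostname runs first, so os.path.join never sees '/' or '..'
    if not is_safe_hostname(domain) or not os.path.isdir(os.path.join(cert_root, domain)):
        domain = fallback
    cert_dir = os.path.join(cert_root, domain)
    return (os.path.join(cert_dir, "cert.pem"),
            os.path.join(cert_dir, "privkey.pem"))


def demo():
    """Build a constructed certificate tree in a temp directory and return
    {sni: chosen_domain} for a handful of SNI values (constructed inputs)."""
    root = tempfile.mkdtemp()
    for dom in ("example.com", "mail.example.org"):
        os.makedirs(os.path.join(root, dom))
        for fname in ("cert.pem", "privkey.pem"):
            open(os.path.join(root, dom, fname), "w").close()

    cases = [
        None,                    # client sent no SNI -> fallback
        "",                      # empty SNI -> fallback
        "MAIL.Example.ORG",      # mixed case -> lowercased, matched
        "unknown.example.net",   # well-formed but no cert dir -> fallback
        "../../etc/ssl",         # traversal attempt -> rejected, fallback
        "mail.example.org/..",   # traversal appended to a real name -> rejected
    ]
    chosen = {}
    for sni in cases:
        cert, _key = select_cert_paths(sni, root)
        chosen[sni] = os.path.basename(os.path.dirname(cert))
    return chosen


if __name__ == "__main__":
    for sni, dom in demo().items():
        print(f"{sni!r:>24} -> {dom}")
```

To confirm what the real server hands out once the Exim config is in place, `openssl s_client -connect mail.example.org:25 -starttls smtp -servername mail.example.org` (and the same command without `-servername`) shows the certificate chain served for a given SNI and for the no-SNI fallback.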