Re: [exim] Certificate validation failed

Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] Certificate validation failed
On Sat, Oct 30, 2021 at 12:01:39AM +0100, Dominik Vogt via Exim-users wrote:

> The local Exim is set up to relay outgoing mail that is sent by
> user X to server B and all other outgoing mail to server A. Both
> servers require TLS for outgoing mail. But Exim does not use TLS
> for server B and generates this log message:
>
> ... TLS session: (certificate verification failed): certificate
> invalid: delivering unencrypted to H=<server-b> [<ip-address>]
> (not in hosts_require_tls)


Is it really true that for lack of a valid certificate there's a way to
get Exim to fall back to cleartext instead???

Either certificate validation is required, in which case delivery must be
deferred when validation fails, or else validation is *not* required,
in which case Exim should proceed despite certificate verification
failure.

The reported behaviour should be impossible, or at least very difficult
to configure without ignoring warnings that it makes no sense.

-- 
    Viktor.
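
Added example, not part of the original message or of Exim: a small log check that finds deliveries which fell back to cleartext after a TLS failure, keyed on the message quoted above. The timestamp and message-id prefix, the host names and the addresses in the sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Keyed on the message quoted in the thread: the text before
# ": delivering unencrypted to" is the reason the TLS session was abandoned.
FALLBACK = re.compile(
    r"(?P<reason>TLS session: .*?): delivering unencrypted to "
    r"H=(?P<host>\S+) \[(?P<ip>[^\]]+)\] \(not in hosts_require_tls\)"
)

def find_cleartext_fallbacks(lines):
    """Return one record per log line where delivery fell back to cleartext."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = FALLBACK.search(line)
        if not m:
            continue
        reason = m.group("reason")
        hits.append({
            "line": lineno,
            "host": m.group("host"),
            "ip": m.group("ip"),
            "reason": reason,
            # True when the downgrade followed a certificate check failure
            "cert_failure": "certificate verification failed" in reason,
        })
    return hits

def hosts_by_fallback_count(hits):
    """Count fallbacks per remote host, to show which relays are affected."""
    return Counter(h["host"] for h in hits)

# Constructed sample lines (assumed main-log prefix; RFC 5737 addresses).
SAMPLE_LOG = [
    "2021-10-30 00:01:39 1mgXyZ-0001Ab-Cd TLS session: (certificate verification failed): "
    "certificate invalid: delivering unencrypted to H=server-b.example [192.0.2.25] "
    "(not in hosts_require_tls)",
    "2021-10-30 00:01:41 1mgXyZ-0001Ab-Cd Completed",
    "2021-10-30 00:07:12 1mgXzQ-0001Bc-Ef TLS session: (certificate verification failed): "
    "certificate invalid: delivering unencrypted to H=server-b.example [192.0.2.25] "
    "(not in hosts_require_tls)",
]

if __name__ == "__main__":
    hits = find_cleartext_fallbacks(SAMPLE_LOG)
    for host, count in hosts_by_fallback_count(hits).items():
        print(f"{host}: {count} cleartext fallback(s)")
```

Any host this reports is one where mail left unencrypted although a TLS session was attempted, which is the condition the log message itself ties to the host not being in hosts_require_tls.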