On 2021-10-30 Viktor Dukhovni via Exim-users <exim-users@???> wrote:
[...] > Is it really true that for lack of valid certificate there's a way to
> get Exim to fall back to cleartext instead???
Good morning,
If a host is in tls_verify_hosts and hosts_try_tls but not in
hosts_require_tls exim will fall back to cleartext. (That is for the
non-DANE case.)
[...]
@original submitter:
* Use a certiticate that verifyable without client-side changes., e.g. setup
DANE on the server and/or use e.g. a letsencrypt cert.
* Give client-side exim a way to verify the cert by adding the cert to
the trusted list.
* Modify the tls_verify_hosts setting.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'