Re: [exim] Certificate validation failed

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Certificate validation failed
On 30/10/2021 00:01, Dominik Vogt via Exim-users wrote:
> Since the Devuan 3 to 4 upgrade, my Exim 4.94.2 installation has a
> problem with TLS certificates.
>
> The local exit is set up to relay outgoing mail that is sent by
> user X to server B and all other outgoing mail to server A. Both
> servers require TLS for outgoing mail. But exit does not use TLS
> for server B and generates this log message:
>
>    ... TLS session: (certificate verification failed): certificate
>    invalid: delivering unencrypted to H=<server-b> [<ip-address>]
>    (not in hosts_require_tls)

>
> How can this be fixed or at least debugged?


Don't set tls_verify_hosts in the transport.

The defaults for it and tls_try_verify_hosts do what you
probably want.
--
Cheers,
Jeremy