On 30/10/2021 00:01, Dominik Vogt via Exim-users wrote:
> Since the Devuan 3 to 4 upgrade, my Exim 4.94.2 installation has a
> problem with TLS certificates.
>
> The local exit is set up to relay outgoing mail that is sent by
> user X to server B and all other outgoing mail to server A. Both
> servers require TLS for outgoing mail. But exit does not use TLS
> for server B and generates this log message:
>
> ... TLS session: (certificate verification failed): certificate
> invalid: delivering unencrypted to H=<server-b> [<ip-address>]
> (not in hosts_require_tls)
>
> How can this be fixed or at least debugged?
Don't set tls_verify_hosts in the transport.
The defaults for it and tls_try_verify_hosts do what you
probably want.
--
Cheers,
Jeremy
