Re: [exim] Certificate validation failed

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Dominik Vogt
Datum:  
To: exim-users
Betreff: Re: [exim] Certificate validation failed
On Sat, Oct 30, 2021 at 12:37:50PM +0100, Jeremy Harris via Exim-users wrote:
> On 30/10/2021 11:56, Dominik Vogt via Exim-users wrote:
> > The Debian-11/Devuan-4 defaults for "SMARTHOST for outgoing main,
> > fetchmail for incoming mail" are what caused this:
> >
> > .ifdef MAIN_TLS_VERIFY_HOSTS
> > tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
> > .endif
> >
> > .ifdef MAIN_TLS_TRY_VERIFY_HOSTS
> > tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS
> > .endif
> >
> >   .ifndef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
> >     REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *
> >   .endif
> >   .ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
> >     hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
> >   .endif


> > No idea to what values of the upper case variables are in the
> > first place. Are they defined at compile time; is there a way to
> > look them up, other than from the Debian src package?


> "exim -bP macro <name-of-macro>" can be used to look one up.


That says that all of these are undefined. So, to enforce TLS and
certificate verification I sould set

MAIN_TLS_VERIFY_HOSTS = *
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *

Somewhere at the beginning of /etx/exim4/exim4.conf.template?

Ciao

Dominik ^_^ ^_^

--

Dominik Vogt