On Sat, Oct 30, 2021 at 12:37:50PM +0100, Jeremy Harris via Exim-users wrote:
> On 30/10/2021 11:56, Dominik Vogt via Exim-users wrote:
> > The Debian-11/Devuan-4 defaults for "SMARTHOST for outgoing main,
> > fetchmail for incoming mail" are what caused this:
> >
> > .ifdef MAIN_TLS_VERIFY_HOSTS
> > tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
> > .endif
> >
> > .ifdef MAIN_TLS_TRY_VERIFY_HOSTS
> > tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS
> > .endif
> >
> > .ifndef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
> > REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *
> > .endif
> > .ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
> > hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
> > .endif
> > No idea to what values of the upper case variables are in the
> > first place. Are they defined at compile time; is there a way to
> > look them up, other than from the Debian src package?
> "exim -bP macro <name-of-macro>" can be used to look one up.
That says that all of these are undefined. So, to enforce TLS and
certificate verification I sould set
MAIN_TLS_VERIFY_HOSTS = *
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *
Somewhere at the beginning of /etx/exim4/exim4.conf.template?
Ciao
Dominik ^_^ ^_^
--
Dominik Vogt
