[exim] Re: Fixing or disabling TLS for internal network host…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Ian Z via Exim-users
Datum:  
To: exim-users
Betreff: [exim] Re: Fixing or disabling TLS for internal network hosts
On Sat, Oct 07, 2023 at 04:10:24PM -0700, AC via Exim-users wrote:

> The internal hosts are running self-signed certificates. So is there
> a way to either make the self-signed certificates acceptable to the
> main Exim server or otherwise disable the use of TLS by either the
> internal servers or configuring the main server to not advertise TLS
> to the internal hosts?


tls_advertise_hosts main config option should answer the second half
of your question. I don't quite understand the first half, though.
Why does your main server care about the client's certificates? Do
you set tls_verify_hosts or tls_try_verify_hosts? By default these
options are unset, so client certificate signatures don't matter.

Is it possible that the messages are caused by something else than
missing signature verification? Can you show the exact error messages?

--
Ian

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/