[exim] Re: Fixing or disabling TLS for internal network host…

Inizio della pagina
Delete this message
Reply to this message
Autore: Ian Z via Exim-users
Data:  
To: exim-users
Oggetto: [exim] Re: Fixing or disabling TLS for internal network hosts
On Sat, Oct 07, 2023 at 04:10:24PM -0700, AC via Exim-users wrote:

> The internal hosts are running self-signed certificates. So is there
> a way to either make the self-signed certificates acceptable to the
> main Exim server or otherwise disable the use of TLS by either the
> internal servers or configuring the main server to not advertise TLS
> to the internal hosts?


tls_advertise_hosts main config option should answer the second half
of your question. I don't quite understand the first half, though.
Why does your main server care about the client's certificates? Do
you set tls_verify_hosts or tls_try_verify_hosts? By default these
options are unset, so client certificate signatures don't matter.

Is it possible that the messages are caused by something else than
missing signature verification? Can you show the exact error messages?

--
Ian

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/