AC via Exim-users <exim-users@???> wrote:
> I have one primary Exim installation that is my main mail server visible
> to both the internal hosts and as a public host so TLS is enabled on it.
>
> My internal hosts are using Exim in smarthost mode to handle sending
> daemon mail to the main server. All of this is working fine, I just get
> messages in the logs about TLS fatal alerts because the certificate is bad.
>
> The internal hosts are running self-signed certificates. So is there a
> way to either make the self-signed certificates acceptable to the main
> Exim server or otherwise disable the use of TLS by either the internal
> servers or configuring the main server to not advertise TLS to the
> internal hosts?
>
> The only real reason to do this is cosmetic so that I don't get the
> error alerts triggering log monitoring.
>
Consider looking into the certificate comments at READING.Debian.gz. In
case you are not running a Debian derivative, you might search for it on
the web.
openssl-s_client and openssl-s_server, as well as swaks, are useful for
debugging.
Making the whole system treats self signed certificates in the same manner
as it treats other certificate authorities is distribution dependent.
--
u34
> --
> ## subscription configuration (requires account):
> ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
> ## unsubscribe (doesn't require an account):
> ## exim-users-unsubscribe@???
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
