[exim] Re: Fixing or disabling TLS for internal network host…

Góra strony
Delete this message
Reply to this message
Autor: u34--- via Exim-users
Data:  
Dla: exim-users
CC: AC
Temat: [exim] Re: Fixing or disabling TLS for internal network hosts
AC via Exim-users <exim-users@???> wrote:

> I have one primary Exim installation that is my main mail server visible
> to both the internal hosts and as a public host so TLS is enabled on it.
>
> My internal hosts are using Exim in smarthost mode to handle sending
> daemon mail to the main server. All of this is working fine, I just get
> messages in the logs about TLS fatal alerts because the certificate is bad.
>
> The internal hosts are running self-signed certificates. So is there a
> way to either make the self-signed certificates acceptable to the main
> Exim server or otherwise disable the use of TLS by either the internal
> servers or configuring the main server to not advertise TLS to the
> internal hosts?
>
> The only real reason to do this is cosmetic so that I don't get the
> error alerts triggering log monitoring.
>



Consider looking into the certificate comments at READING.Debian.gz. In
case you are not running a Debian derivative, you might search for it on
the web.

openssl-s_client and openssl-s_server, as well as swaks, are useful for
debugging.

Making the whole system treats self signed certificates in the same manner
as it treats other certificate authorities is distribution dependent.

--
u34


> --
> ## subscription configuration (requires account):
> ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
> ## unsubscribe (doesn't require an account):
> ## exim-users-unsubscribe@???
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/