[exim] Re: Fixing or disabling TLS for internal network host…

Author: u34--- via Exim-users
Date:  
To: exim-users, AC
Subject: [exim] Re: Fixing or disabling TLS for internal network hosts
u34--- via Exim-users <exim-users@???> wrote:

> AC via Exim-users <exim-users@???> wrote:
>
> > I have one primary Exim installation that is my main mail server visible
> > to both the internal hosts and as a public host so TLS is enabled on it.
> >
> > My internal hosts are using Exim in smarthost mode to handle sending
> > daemon mail to the main server. All of this is working fine, I just get
> > messages in the logs about TLS fatal alerts because the certificate is bad.
> >
> > The internal hosts are running self-signed certificates. So is there a
> > way to either make the self-signed certificates acceptable to the main
> > Exim server or otherwise disable the use of TLS by either the internal
> > servers or configuring the main server to not advertise TLS to the
> > internal hosts?
> >
> > The only real reason to do this is cosmetic so that I don't get the
> > error alerts triggering log monitoring.
> >
>
>
> Consider looking into the certificate comments at READING.Debian.gz. In


Fix: README.Debian.org, not READING.
An old version is at 
https://sources.debian.org/src/exim4/4.50-8sarge2/debian/README.Debian/
A newer one, which is an xml file, is at 
https://sources.debian.org/src/exim4/4.97~RC1-2/debian/README.Debian.xml/


A bigger fix is that all of that refers to the Debian configuration file,
which seems hard to find when not on a Debian-derived system.

--
u34

> case you are not running a Debian derivative, you might search for it on
> the web.
>
> openssl-s_client and openssl-s_server, as well as swaks, are useful for
> debugging.
>
> Making the whole system treat self-signed certificates in the same manner
> as it treats other certificate authorities is distribution dependent.
>
> --
> u34
>
>
> > --
> > ## subscription configuration (requires account):
> > ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
> > ## unsubscribe (doesn't require an account):
> > ## exim-users-unsubscribe@???
> > ## Exim details at http://www.exim.org/
> > ## Please use the Wiki with this list - http://wiki.exim.org/