On 02/07/2024 20:44, Wolfgang via Exim-users wrote:
> to debug, why the valid CERT is not accepted for a DANE verified outbound connection, I tried to
> enable debugging via ACL:
>
>> acl_smtp_starttls:
>> accept
>> message = TLS debug started
>> logwrite = TLS debugging acl triggered
>> control = debug
>> control = debug/tag=.$sender_host_address
>> control = debug/opts=-all+deliver+tls
>> control = debug/trigger=now
>
>
> However I get not a single line of debug output,

If that's all you added, it's because you didn't actually define an
option called "acl_smtp_starttls" - only an ACL called that.

> When I however put those controls to "acl_log_write",

We don't know where (and when, during processing) your config arranges to have that
acl called. It's probably not a useful place for your needs.

I suggest you would be best doing this in an ACL called from the acl_smtp_connect
option. Note: option. Read the docs chapters on A) main-config options and
B) ACLs if that is not completely clear.

All that said, I don't think you'll learn anything new. As I said before, the error
comes from the GnuTLS library. That's *it* deciding to enforce the security
requirements of the certificates in play for the connection.
--
Cheers,
Jeremy
PS:
https://exim.org/exim-html-current/doc/html/spec_html/
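
Added example, not part of the original message: a configuration fragment showing the option/ACL distinction the reply describes, with the option set in the main section and the ACL it names defined in the ACL section. The ACL name debug_on_connect is hypothetical; the control lines are the ones quoted above.

```conf
# Added illustration; the ACL name "debug_on_connect" is hypothetical.

# --- main configuration section (before the first "begin" line) ---
# This is the *option*. It names the ACL Exim runs when an inbound
# SMTP connection arrives. Without a line like this, an ACL block in
# the ACL section is only a definition and nothing ever calls it.
acl_smtp_connect = debug_on_connect

# --- ACL section (use the existing "begin acl" if the file has one) ---
begin acl

# This is the *ACL* that the option above refers to.
debug_on_connect:
  accept
    logwrite = TLS debugging acl triggered
    control  = debug/tag=.$sender_host_address
    control  = debug/opts=-all+deliver+tls
    control  = debug/trigger=now
```

Running `exim -bP acl_smtp_connect` prints the value of the option, which confirms whether the main section actually sets it.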