Re: exim4 as a smarthost with TLS

Fri, 30 Jul 2021 16:08:44 -0700 

Thank you Reco, see below

Le 30/07/2021 à 18:27, Reco a écrit :

On Fri, Jul 30, 2021 at 07:25:34PM +0300, Reco wrote:

        Hi.

On Fri, Jul 30, 2021 at 03:35:28PM +0200, rudu wrote:

Still, a simple :
$ mail -s test my.n...@provider.fr
... ends up to show in # tail -f /var/log/exim4/mainlog :
2021-07-30 10:58:09 1m9OLJ-000cAf-Ss <= my.n...@provider.fr U=rudu P=local S=461
2021-07-30 10:58:10 1m9OLJ-000cAf-Ss == my.n...@provider.fr R=smarthost 
T=remote_smtp_smarthost defer (-37) H=smtpauth.provider.fr [185.204.xxx.xxx]: 
TLS
session: (certificate verification failed): certificate invalid

Your exim certificate has nothing to do with this.
But your smarthost certificate certainly does.

Every time you try to send a mail, your exim checks certificate of
remote MTA, and it does not like what it sees.


So, when I ran the command :
# bash /usr/share/doc/exim4-base/examples/exim-gencert
... did I miss something that should be there ?

It's possible. Please provide an output of:

grep -i 'tls_.*verify' /var/lib/exim4/config.autogenerated

grep split exim4/update-exim4.conf.conf

A typo.

grep -i 'tls_.*verify' /var/lib/exim4/config.autogenerated

# grep -i 'tls_.*verify' /var/lib/exim4/config.autogenerated
.ifndef MAIN_TLS_VERIFY_CERTIFICATES
MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\ 
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES
.ifdef MAIN_TLS_VERIFY_HOSTS
tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
.ifdef MAIN_TLS_TRY_VERIFY_HOSTS
tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS
.ifndef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
  REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *
.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
  tls_verify_certificates = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
  tls_verify_hosts = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS


grep split /etc/exim4/update-exim4.conf.conf

# grep split /etc/exim4/update-exim4.conf.conf
dc_use_split_config='false'

I'm afraid I don't understand much of what you're asking me.
Hope that it gives you any hint about what's going wrong here.

Thank you again.

Rudu

Reply via email to