On 2009-08-31 Ivan Shmakov <[email protected]> wrote: > Package: exim4-daemon-heavy > Version: 4.69-9 > Severity: important
> It seems that the certificate verification fails when Exim > connects to the peer, while should the peer in question connect > to Exim, it succeeds. Consider, e. g.: > * accepting peer's connection (we're the server): > 2009-08-31 20:03:54 1MiD6Y-0006C4-8S <= i...@main... H=... (...) > [62.109.12.37] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 CV=yes > DN="C=RU,ST=Altai Krai,O=Private,OU=SMTP > peers,CN=waterlily.ip.uusia.org,[email protected]" S=800 > id=e1mid6m-00052j...@... > * making a connection to the same peer (we're the client): > 2009-08-31 20:05:43 1MiD8A-0008Jf-2X => i...@main... R=hubbed_hosts > T=remote_smtp H=waterlily.ip.uusia.org [62.109.12.37] > X=TLS1.0:RSA_AES_256_CBC_SHA1:32 CV=no DN="C=RU,ST=Altai > Krai,O=Private,OU=SMTP > peers,CN=waterlily.ip.uusia.org,[email protected]" > Note the CV=yes vs. CV=no discrepancy. [...] Hello, Afaict you have provided exim with a list of trusted certificates to check incoming connections (main configuration option tls_verify_certificates) against but you have not toggled the corresponding option for outgoing connections (the tls_verify_certificates private option of the smtp transport). cu andreas -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
