Re: exim4 as a smarthost with TLS

Sat, 31 Jul 2021 05:16:26 -0700 

On Sat, Jul 31, 2021 at 01:03:18PM +0200, rudu wrote:
> Le 31/07/2021 à 08:25, Reco a écrit :
> > On Sat, Jul 31, 2021 at 09:21:02AM +0300, Reco wrote:
> > > > > grep split /etc/exim4/update-exim4.conf.conf
> > > > # grep split /etc/exim4/update-exim4.conf.conf
> > > > dc_use_split_config='false'
> > > And this part shows that to change this you have to edit files at
> > > /etc/exim4/conf.d.
> > Damn. I need to think more before I send e-mails.
> > Of course this part shows that you lack a split exim4 config, so we'll
> > have to edit /etc/exim4/exim4.conf.template.
> > 
> > So, in addition to:
> > 
> > grep -R REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS /etc/exim4/conf.d
> # grep -R REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS /etc/exim4/conf.d
> /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost:.ifdef 
> REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
> /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost: 
> tls_verify_hosts = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
> /etc/exim4/conf.d/transport/10_exim4-config_transport-macros:.ifndef 
> REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
> /etc/exim4/conf.d/transport/10_exim4-config_transport-macros: 
> REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *
> 
> > Please also post this:
> > 
> > grep REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS /etc/exim4/exim4.conf.template
> # grep REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS /etc/exim4/exim4.conf.template
> .ifndef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
>   REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *
> .ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
>   tls_verify_hosts = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS

Seems straightforward enough.
Edit /etc/exim4/exim4.conf.template, you'll need to comment out a block
similar to this:

 .ifndef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
   REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *
 .endif

Do not touch second block (starting with .ifdef
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS).

Execute /usr/sbin/update-exim4.conf.
Bounce exim4.

Smarthost certificate verification should be disabled after this.


If you ever need to reenable it - just uncomment the ifndef block, and
execute /usr/sbin/update-exim4.conf once more.

Reco

Reply via email to