On Sat, Jul 31, 2021 at 04:03:43PM +0200, Sven Hartge wrote: > Reco <recovery...@enotuniq.net> wrote: > > On Sat, Jul 31, 2021 at 02:45:34PM +0200, Sven Hartge wrote: > >> Reco <recovery...@enotuniq.net> wrote: > >> > >> > Seems straightforward enough. > >> > Edit /etc/exim4/exim4.conf.template, you'll need to comment out a block > >> > similar to this: > >> > >> > .ifndef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS > >> > REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = * > >> > .endif > >> > >> > Do not touch second block (starting with .ifdef > >> > REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS). > >> > >> > Execute /usr/sbin/update-exim4.conf. > >> > Bounce exim4. > >> > >> > Smarthost certificate verification should be disabled after this. > >> > >> Wouldn't it be easier to just create /etc/exim4/exim4.conf.localmacros > >> and put > >> > >> REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = !* > >> > >> in it? > > > Could be. Will exim4.conf.localmacros apply to non-split exim config? > > It will *only* apply to a non-split config.
Agreed. There's nothing wrong in trying REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = !* as far as I'm concerned. Reco