user therion wrote:
> "normal" and clients from outside must authenticate
> first and then connects via tls: ...or is there a wrong thought?

Vice versa, first TLS, then AUTH.

> tls_advertise_hosts = *
> tls_verify_hosts = ! relay_from_hosts
> tls_verify_certificates = /etc/exim/certs/cacert.pem

I'm pretty sure you don't want to use client certificates, so you should remove the tls_verify_* lines. "! relay_from_hosts" is wrong, anyway. If you want to prevent your local clients (the ones in relay_from_hosts) from using TLS, use "tls_advertise_hosts = ! +relay_from_hosts", but that doesn't make much sense.

> Which role does the relay_from_hosts play to allow
> such a connection from outside??

None at all. The hosts listed there are allowed to relay without authentication.

> MUST it be defined as relay_from_hosts = * ???

Never ever do that!

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
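
Added example, not part of the original message or of the Exim project's own files: a constructed Exim 4 fragment that puts the advice above together (TLS offered to everyone, no client-certificate verification, AUTH advertised only inside TLS, relay_from_hosts limited to local networks). The certificate paths, the 192.0.2.0/24 network and the ACL name are placeholders, and an authenticator is assumed to be defined in the "begin authenticators" section.

```conf
# Constructed example; comments must be on their own lines in Exim config.

# --- main section ---
domainlist local_domains = @

# Hosts that may relay WITHOUT authentication. Keep this to your own
# networks (placeholder values below); never set it to "*".
hostlist relay_from_hosts = 127.0.0.1 : 192.0.2.0/24

# Offer STARTTLS to every client.
tls_advertise_hosts = *
# Placeholder paths for the server's own certificate and key.
tls_certificate = /etc/exim/certs/server-cert.pem
tls_privatekey = /etc/exim/certs/server-key.pem
# No tls_verify_hosts / tls_verify_certificates lines:
# client certificates are not requested.

# First TLS, then AUTH: advertise AUTH only when the session is
# already encrypted ($tls_cipher is empty on a cleartext connection).
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

acl_smtp_rcpt = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_rcpt:
  # Local networks relay without authenticating.
  accept  hosts         = +relay_from_hosts

  # Clients from outside relay only after a successful AUTH.
  accept  authenticated = *

  # Everyone else may only deliver to local domains.
  require message       = relay not permitted
          domains       = +local_domains

  accept
```

Running `exim -bV` after editing reports configuration syntax errors before the daemon is restarted.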
