Eric, I'm not positive here, but try removing the 'tls_verifycertificates' from your configuration. If I'm reading the doc right, I believe that is used to verify the sending client certificates. Is Thunderbird using the same mycert.crt?
See: http://www.exim.org/exim-html-current/doc/html/spec_html/ch39.html#SECID183

Dan

Please respond to [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
To: [email protected]
cc: (bcc: Dan Mitton/YD/RWDOE)
Subject: [exim] Help with TLS and SMTP
LSN: Not Relevant
User Filed as: Not a Record

I am trying to force my users to use TLS when sending out any emails. They must authenticate against my MySQL tables also. I think I have the authentication stuff down, but I am having issues with the TLS part of it.

I created a .crt and .key file with the following command:

    openssl req -x509 -newkey rsa:1024 -keyout mycert.key -out mycert.crt -days 365 -nodes

I then put the .key/.crt file in my /etc/exim4 directory and made sure that they were both owned by root, but readable by the user used to run the exim4 process.

In my .conf file for exim here is what I have for the tls options:

    tls_advertise_hosts = *
    tls_certificate = /etc/exim4/mycert.crt
    tls_privatekey = /etc/exim4/mycert.key
    tls_verifycertificates = /etc/exim4/mycert.crt
    tls_verify_hosts = *
    tls_try_verify_hosts = *

In my acl_check_rcpt I have the following:

    require message = relay not permitted
            domains = +local_domains : +relay_to_domains

I am not sure what else I should give in order to make this be complete. When I telnet into the port and then issue an ehlo example.com command I get the following:

    250-SIZE 52428800
    250-PIPELINING
    250-STARTTLS
    250 HELP

When I try to send an email from Thunderbird using one of the domains I am hosting I get the following error:

    Sending of message failed. The message could not be sent because connection to SMTP server mail.example.com failed. The server may be unavailable or is refusing SMTP connections. Please verify that your SMTP server setting is correct and try again, or else contact your network administrator.
Lastly, the error that is recorded in the logs is as follows:

    TLS error on connection from ([xxx.xxx.x.xxx]) [xxx.xxx.x.xxx] (gnutls_handshake): A TLS warning alert has been received.

Sorry for the long email, but I wanted to try and get as much information as I currently have to the list. Any help is appreciated and if there is anything else that I can provide, please just ask.

Thanks,
-Eric

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
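
The distinction Dan points to, laid out as an Exim configuration fragment. This is an added example, not configuration posted by either participant: it uses the option name as the Exim specification spells it (tls_verify_certificates), and the two ACL statements are one assumed way to enforce the "TLS plus authentication" requirement Eric describes, reusing his domain list names.

```exim
# --- main configuration section ---

# Offer STARTTLS to every client and present the server's own certificate.
tls_advertise_hosts = *
tls_certificate     = /etc/exim4/mycert.crt
tls_privatekey      = /etc/exim4/mycert.key

# The three options below are about CLIENT certificates:
#   tls_verify_certificates  CA file/directory used to check a client's certificate
#   tls_verify_hosts         clients that MUST present a verifiable certificate
#   tls_try_verify_hosts     clients asked for one, accepted even if it does not verify
# With tls_verify_hosts = *, a mail client that has no certificate of its own
# cannot complete the handshake. They are left out here, so no client
# certificate is requested.
# tls_verify_certificates = /etc/exim4/mycert.crt
# tls_verify_hosts        = *
# tls_try_verify_hosts    = *

# --- ACL section, at the top of acl_check_rcpt ---
acl_check_rcpt:
  # Recipients outside the domains this server handles are relay requests,
  # i.e. users sending outbound mail: refuse them on an unencrypted session...
  deny    message        = STARTTLS is required before relaying mail
          !domains       = +local_domains : +relay_to_domains
          !encrypted     = *

  # ...and refuse them if the user has not authenticated.
  deny    message        = authentication is required before relaying mail
          !domains       = +local_domains : +relay_to_domains
          !authenticated = *

  # The rest of the ACL (not shown) follows.
```

Encryption of the session is enforced by the `encrypted` ACL condition; the certificate verification options only decide whether clients must prove their identity with a certificate.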
