I have been trying to require certificate verification via setting tls_verify_certificates and tls_verify_hosts. Server is Exim 4.68 on Ubuntu 8.04.1. When tls_verify_hosts = * then the following error is written to mainlog: TLS error on connection from hostname [xxx.xxx.xxx.xxx]:1471 (gnutls_handshake): A TLS packet with unexpected length was received. However, When tls_verify_hosts is changed to be the default (i.e., not set), then Outlook appears to be able to relay the digitally signed encrypted email ok. The relayed message in the recipient's Maildir/ folder in this case contains the following: Message-ID: <(bunch of encrypted text)@(domain)> MIME-Version: 1.0 Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p7m" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7m" X-Mailer: Microsoft Office Outlook 12.0 Settings in the exim4 config file include the following:
MAIN_TLS_ENABLE = yes MAIN_TLS_ADVERTISE_HOSTS = (number of hosts including the Outlook client machine) daemon_smtp_ports = smtp : 587 tls_certificate = (a certificate file on the server) tls_privatekey = (a certificate file on the server) I am using the exim4-heavy package installed via apt-get. Could this possibly be due to issues with exim4 and gnutls? I've read several cases via google that it has been buggy. Should I instead download the exim4 source code and build with openssl support instead of gnutls? Would that solve the problem? Anyone work with verification via TLS certificates and have any ideas? Thank you kindly in advance. Thanks -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
