On Wed, November 19, 2008 07:05, Miki Nakano wrote: > I have been trying to require certificate verification via setting > tls_verify_certificates and tls_verify_hosts. Server is Exim 4.68 on Ubuntu > 8.04.1. When tls_verify_hosts = * then the following error is > written to mainlog: TLS error on connection from hostname > [xxx.xxx.xxx.xxx]:1471 > (gnutls_handshake): A TLS packet with unexpected length was received. > However, When tls_verify_hosts is changed to be the default (i.e., not > set), then Outlook appears to be able to relay the digitally signed > encrypted email ok. The relayed message in the recipient's Maildir/ folder > in this case contains the following: Message-ID: <(bunch of encrypted > text)@(domain)> MIME-Version: 1.0 > Content-Type: application/x-pkcs7-mime; > smime-type=enveloped-data; name="smime.p7m" Content-Transfer-Encoding: > base64 Content-Disposition: attachment; > filename="smime.p7m" X-Mailer: Microsoft Office Outlook 12.0
I am not sure of what you are trying to do. If you want to allow Outlook to send encrypted/signed mails, you certainly don't need tls_verify_hosts. tls_verify_hosts is only used to verify SSL certificates used in the communication with the mail server, which is something most MUA will never have, unless you configure them in a very special fashion. This parameter has nothing to do with verifying the certificates used to encrypt or sign the mail in itself. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
