Hi there! I was given a task to make communication between the mail servers of our group of companies go via TLS (encryption is required, not authentication). Some servers are MS Exchange with valid (CA-signed) certificates. Our exim is with a self-signed certificate (enough for encryption). I added these options to the exim config:

    tls_advertise_hosts = *
    tls_certificate = /etc/ssl/certs/exim.crt
    tls_privatekey = /etc/ssl/certs/exim.pem
    tls_on_connect_ports = 465

and to the smtp transport section:

    remote_smtp:
      driver = smtp
      tls_certificate = /etc/ssl/certs/exim.crt
      tls_privatekey = /etc/ssl/certs/exim.pem
      hosts_require_tls = 10.x.x.x:10.y.y.y

where 10.x.x.x and 10.y.y.y are the IPs of the Exchange servers.

The Exchange administrators added my certificate to the corresponding servers as a trusted certificate, and since that time we have had quite acceptable TLS communication.

But we're experiencing a very interesting problem. When a user from the first Exchange server sends a message to the exim user, who in turn has a redirection to the second Exchange server, the latter doesn't accept the message. The Exim log shows us:

    454 4.7.5 Certificate validation failure

Is there any possibility to make that redirection work right without turning off TLS?

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
