On Tue, Nov 23, 2010 at 01:55:36PM -0500, Phil Pennock wrote:
> On 2010-11-22 at 23:14 +0100, Matthias-Christian Ott wrote:
> > for fail-over I want to add a spooling relay to an existing Exim
> > server. I would prefer to use authentication via client certificates. Is
> > this possible with Exim?
>
> Yes. Use the tls_certificate and tls_privatekey options on the SMTP
> Transport used. There are other relevant options too. See:
>   30.4 Private options for smtp
>   39.9 Configuring an Exim client to use TLS
> of The Exim Specification, "spec.txt" or online at:
>   http://www.exim.org/exim-html-current/doc/html/spec_html/index.html

This is not what I was looking for. I'm already using TLS and
tls_verify_certificates doesn't solve my problem because it seems to me
that I have to keep all client certificates on the actual mail server in
a directory. I would like to sign the server and the client (relay)
certificate by a CA and store the CA certificate on the server and
instruct the server to accept only messages from relays which provide a
certificate which is signed by the server (similar to OpenID client
certificate authentication).

Regards,
Matthias-Christian

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
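
An added example, not part of the original messages and not configuration shipped by the Exim project: one way to express the CA-based setup asked about above, with tls_verify_certificates pointing at a single CA file and an ACL that accepts relay traffic only over a verified client certificate. The file paths, the hostlist name spool_relays, the transport name to_primary and the address 192.0.2.25 are assumptions.

```exim
# --- Primary mail server: main configuration section ---
# Hypothetical relay address; list every spooling relay here.
hostlist spool_relays = 192.0.2.25

tls_advertise_hosts = *
tls_certificate = /etc/exim/tls/server.crt
tls_privatekey  = /etc/exim/tls/server.key

# One PEM file holding the CA certificate that signed the relay certificates.
# Use a CA dedicated to relays: any certificate it signs will verify.
tls_verify_certificates = /etc/exim/tls/relay-ca.pem

# Relays must present a certificate that verifies against that CA,
# otherwise the TLS session is refused.
tls_verify_hosts = +spool_relays

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Accept mail from the relays only over TLS with a verified client certificate.
  accept  hosts     = +spool_relays
          encrypted = *
          verify    = certificate
  # ... the server's existing recipient rules follow here ...

# --- Spooling relay: transport used to deliver to the primary server ---
begin transports

to_primary:
  driver = smtp
  hosts_require_tls = *
  # Client certificate and key signed by the relay CA (assumed paths).
  tls_certificate = /etc/exim/tls/relay.crt
  tls_privatekey  = /etc/exim/tls/relay.key
  # Verify the primary server's certificate against the same CA.
  tls_verify_certificates = /etc/exim/tls/relay-ca.pem
```

The two halves belong in the configuration files of two different hosts; they are shown together only to make the pairing of client and server options visible.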
