On 2021-10-30 Viktor Dukhovni via Exim-users <[email protected]> wrote: [...] > Is it really true that for lack of valid certificate there's a way to > get Exim to fall back to cleartext instead???
Good morning, If a host is in tls_verify_hosts and hosts_try_tls but not in hosts_require_tls exim will fall back to cleartext. (That is for the non-DANE case.) [...] @original submitter: * Use a certiticate that verifyable without client-side changes., e.g. setup DANE on the server and/or use e.g. a letsencrypt cert. * Give client-side exim a way to verify the cert by adding the cert to the trusted list. * Modify the tls_verify_hosts setting. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
