Re: [exim] Certificate validation failed

2021-10-29 Thread Viktor Dukhovni via Exim-users 
On Sat, Oct 30, 2021 at 12:01:39AM +0100, Dominik Vogt via Exim-users wrote:

> The local Exim is set up to relay outgoing mail that is sent by
> user X to server B and all other outgoing mail to server A.  Both
> servers require TLS for outgoing mail.  But Exim does not use TLS
> for server B and generates this log message:
> 
>   ... TLS session: (certificate verification failed): certificate
>   invalid: delivering unencrypted to H= []
>   (not in hosts_require_tls)

Is it really true that for lack of valid certificate there's a way to
get Exim to fall back to cleartext instead???

Either certificate validation is required, and in which delivery must be
deferred when validation fails, or else validation is *not* required,
in which case Exim should proceed despite certificate verification
failure.

The reported behaviour should be impossible, or at least very difficult
to configure without ignoring warnings that it makes no sense.

-- 
Viktor.

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] Certificate validation failed

2021-10-29 Thread Dominik Vogt via Exim-users 
Since the Devuan 3 to 4 upgrade, my Exim 4.94.2 installation has a
problem with TLS certificates.

The local exit is set up to relay outgoing mail that is sent by
user X to server B and all other outgoing mail to server A.  Both
servers require TLS for outgoing mail.  But exit does not use TLS
for server B and generates this log message:

  ... TLS session: (certificate verification failed): certificate
  invalid: delivering unencrypted to H= []
  (not in hosts_require_tls)

How can this be fixed or at least debugged?

Ciao

Dominik ^_^  ^_^

--

Dominik Vogt

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] Certificate validation failed

2021-10-29 Thread Dominik Vogt via Exim-users 
On Sat, Oct 30, 2021 at 12:01:39AM +0100, Dominik Vogt wrote:
> Since the Devuan 3 to 4 upgrade, my Exim 4.94.2 installation has a
> problem with TLS certificates.
>
> The local exit is set up to relay outgoing mail that is sent by
> user X to server B and all other outgoing mail to server A.  Both
> servers require TLS for outgoing mail.  But exit does not use TLS
> for server B and generates this log message:
>
>   ... TLS session: (certificate verification failed): certificate
>   invalid: delivering unencrypted to H= []
>   (not in hosts_require_tls)
>
> How can this be fixed or at least debugged?

P.S.:  The server uses a self signed certificate.  How can I tell
exit to accept this specific certificate?

Ciao

Dominik ^_^  ^_^

--

Dominik Vogt

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] Hi Exim users - problem with hybrid exchange domain sending to exim.

2021-10-29 Thread Jasen Betts via Exim-users 
On 2021-10-29, John Stegenga via Exim-users  wrote:
> My Exim installation is standard, installed on Centos via WHM.
>
>  
>
> Most settings are default.
>
>  
>
> One of my hosted customers reported that one of HIS customers cannot send 
> email to his domain.
>
> We've looked at all kinds of settings, the customers SPF record is ok, but we 
> don't know how to set
> up a PTR for him because:
>
> 1-  His outbound email comes through O365/exchange online, 
>
> 2-  His inbound email goes through ironport devices to an on-premise 
> exchange server.
>
>  
>
> Has anyone dealt with this before?
>
> I added his domain to the whitelist, to no effect.

It's not clear what exim is objecting to. or what change you made where.

Make sure that his domain does not have a broken dnssec configuration.

Perhaps try adding office 365's servers to the whitelist, you should
be able to pull their addresses from the SPF

-- 
  Jasen.

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] Hi Exim users - problem with hybrid exchange domain sending to exim.

2021-10-29 Thread Jeremy Harris via Exim-users 

On 29/10/2021 20:14, John Stegenga via Exim-users wrote:

Your advice and expertise is quite welcome!


Your relevant log entries?
His relevant log entries?

You've given no useful information.
--
Cheers,
  Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] Hi Exim users - problem with hybrid exchange domain sending to exim.

2021-10-29 Thread John Stegenga via Exim-users 
My Exim installation is standard, installed on Centos via WHM.

 

Most settings are default.

 

One of my hosted customers reported that one of HIS customers cannot send email 
to his domain.

We've looked at all kinds of settings, the customers SPF record is ok, but we 
don't know how to set
up a PTR for him because:

1-  His outbound email comes through O365/exchange online, 

2-  His inbound email goes through ironport devices to an on-premise 
exchange server.

 

Has anyone dealt with this before?

I added his domain to the whitelist, to no effect.

 

Your advice and expertise is quite welcome!

John

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/