Bug#440663: exim4-config: MAIN_TLS_* doesn't actually enable TLS

Marc Haber mh+debian-packages at zugschlus.de
Mon Sep 3 15:11:27 UTC 2007


On Mon, Sep 03, 2007 at 09:31:48AM -0500, John Goerzen wrote:
> I found that, in order to actually enable TLS, I had to add these lines 
> to the remote_smtp_smarthost transport:
> 
>   tls_certificate = MAIN_TLS_CERTKEY
>   tls_verify_certificates  = MAIN_TLS_VERIFY_CERTIFICATES
> 
> I had created a main/02_custom_tls file with MAIN_TLS_ENABLE = 1 and 
> correct definitions for MAIN_TLS_CERTKEY and 
> MAIN_TLS_VERIFY_CERTIFICATES.  But this was not actually used for 
> sending mail to the smarthost until I added the above lines to the 
> config.

I'd like to see more evidence, such as Debug output, for that, since
exim is documented to automatically use TLS if a remote server
advertises it:

Quoting from spec.txt:
|39.9 Configuring an Exim client to use TLS
|It is not necessary to set any options to have TLS work in the smtp
|transport. If Exim is built with TLS support, and TLS is advertised by
|a server, the smtp transport always tries to start a TLS session. 

Your changes to the configuration made your local exim present its
certificate as a client certificate and caused it to verify the
server's certificate, see spec.txt 30.3.

Is the smarthost you were trying to connect to maybe requiring client
certificates? Is it publicly reachable so that I can try an exim
against it?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
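
One way to gather evidence on whether deliveries to the smarthost actually used TLS, added here as an example (not code from this thread or from the exim4 packages): it scans Exim main log delivery lines for the `X=` cipher field, which Exim records when the SMTP session was encrypted. The log lines are constructed, and the script assumes the default main log format with the `tls_cipher` log selector left enabled.

```python
import re

# Constructed sample lines in Exim's default main log format (not from the bug report).
SAMPLE_LOG = """\
2007-09-03 09:12:01 1IS001-0000aa-01 <= alice@client.example U=alice P=local S=812
2007-09-03 09:12:02 1IS001-0000aa-01 => bob@dest.example R=smarthost T=remote_smtp_smarthost H=smarthost.example [192.0.2.25] X=TLS-1.0:RSA_AES_256_CBC_SHA1:32
2007-09-03 09:12:02 1IS001-0000aa-01 Completed
2007-09-03 09:20:10 1IS002-0000ab-02 => carol@dest.example R=smarthost T=remote_smtp_smarthost H=smarthost.example [192.0.2.25]
2007-09-03 09:21:44 1IS003-0000ac-03 => dave R=local_user T=mail_spool
"""

# Delivery lines carry "=>" (first recipient) or "->" (additional recipients);
# arrival lines ("<=") and status lines ("Completed") are ignored.
DELIVERY = re.compile(r"^\S+ \S+ (?P<id>\S+) [=-]> (?P<rest>.*)$")
# Log fields are single capital-letter keys such as R=, T=, H=, X=.
FIELD = re.compile(r"\b(?P<key>[A-Z]+)=(?P<val>\S+)")


def classify_deliveries(log_text, transport="remote_smtp_smarthost"):
    """Split deliveries made by `transport` into TLS and cleartext sessions.

    Returns {"tls": [...], "cleartext": [...]}, each entry being
    (message id, remote host, cipher string or None).
    """
    result = {"tls": [], "cleartext": []}
    for line in log_text.splitlines():
        m = DELIVERY.match(line)
        if not m:
            continue
        fields = {f.group("key"): f.group("val")
                  for f in FIELD.finditer(m.group("rest"))}
        if fields.get("T") != transport:
            continue  # local or other transports are out of scope
        cipher = fields.get("X")  # present only when the session used TLS
        bucket = "tls" if cipher else "cleartext"
        result[bucket].append((m.group("id"), fields.get("H"), cipher))
    return result


if __name__ == "__main__":
    report = classify_deliveries(SAMPLE_LOG)
    for kind in ("tls", "cleartext"):
        for msg_id, host, cipher in report[kind]:
            print(f"{kind:9} {msg_id} {host} {cipher or '-'}")
```

A cleartext entry for the smarthost transport means the session was not encrypted; the log line alone does not say whether the server failed to advertise STARTTLS or the handshake failed.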



