Re: exim4 as a smarthost with TLS
On Sat, Jul 31, 2021 at 04:03:43PM +0200, Sven Hartge wrote:
> Reco <recoverym4n@enotuniq.net> wrote:
> > On Sat, Jul 31, 2021 at 02:45:34PM +0200, Sven Hartge wrote:
> >> Reco <recoverym4n@enotuniq.net> wrote:
> >>
> >> > Seems straightforward enough.
> >> > Edit /etc/exim4/exim4.conf.template, you'll need to comment out a block
> >> > similar to this:
> >>
> >> > .ifndef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
> >> > REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *
> >> > .endif
> >>
> >> > Do not touch second block (starting with .ifdef
> >> > REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS).
> >>
> >> > Execute /usr/sbin/update-exim4.conf.
> >> > Bounce exim4.
> >>
> >> > Smarthost certificate verification should be disabled after this.
> >>
> >> Wouldn't it be easier to just create /etc/exim4/exim4.conf.localmacros
> >> and put
> >>
> >> REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = !*
> >>
> >> in it?
>
> > Could be. Will exim4.conf.localmacros apply to non-split exim config?
>
> It will *only* apply to a non-split config.
Agreed. There's nothing wrong in trying
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = !* as far as I'm concerned.
Reco
Reply to: