Hi,

1st: please send your questions to exim-users@exim.org (not to the
*-owner address).

Nospam2k <nospa...@gmail.com> (Wed 16 Oct 2019 01:58:42 CEST):
> After many hours of troubleshooting, I cannot figure out how to correctly
> setup tls_certificate for multiple domains. I’m using CentOS 7.7 and Exim
> 4.92. I have only one exim.conf file. I have in the main body:
>
> tls_certificate = /etc/exim/private/certs/${lc:${domain:$h_from:}}/cert.pem
> tls_privatekey = /etc/exim/private/certs/${lc:${domain:$h_from:}}/privkey.pem

Didn't we answer this already? The $h_from: isn't available during TLS
session setup.

> begin transports
>
> remote_smtp:
>   tls_certificate = /etc/exim/private/certs/${lc:${domain:$h_from:}}/cert.pem
>   tls_privatekey = /etc/exim/private/certs/${lc:${domain:$h_from:}}/privkey.pem

The TLS settings in the transports section are for outgoing connections.
The above settings would choose a certificate based on the recipient's
domain for an outgoing mail, I suppose, that's not what you want.

Use in the main section:

    TLS_DOMAIN = ${if def:tls_in_sni {${lc:$tls_in_sni}}{example.com}}

    tls_certificate = /etc/exim/private/certs/TLS_DOMAIN/cert.pem
    tls_privatekey = /etc/exim/private/certs/TLS_DOMAIN/privkey.pem

You need a "fallback", as there is a fair chance that the client doesn't
send you a TLS SNI.

    Best regards from Dresden/Germany
    Kind regards from Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
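
Added example, not part of the message above and not Exim code: a Python model of the TLS_DOMAIN selection (lowercased SNI, else the fallback) that can be run against a certificate tree to see which directory each SNI value resolves to. The function name `select_tls_domain`, the hostname validation and the file-existence check are assumptions added here, since the SNI is supplied by the client before any authentication and ends up in a file path; the directory layout in `demo` is constructed.

```python
import re
import tempfile
from pathlib import Path

# One DNS label: letters, digits, inner hyphens. Dots and slashes cannot match.
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def select_tls_domain(sni, cert_root, fallback):
    """Return the directory name under cert_root to use for this SNI.

    Mirrors TLS_DOMAIN (lowercase SNI, else fallback) and additionally
    rejects values that are not plain hostnames or have no certificate.
    """
    if not sni:
        return fallback                       # client sent no SNI
    name = sni.lower()
    if len(name) > 253 or not all(LABEL.fullmatch(l) for l in name.split(".")):
        return fallback                       # e.g. "../x", "a/b", ".."
    cert_dir = Path(cert_root) / name
    have_pair = (cert_dir / "cert.pem").is_file() and (cert_dir / "privkey.pem").is_file()
    return name if have_pair else fallback    # unknown name: use the default


def demo():
    """Resolve sample SNI values against a constructed certificate tree."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("example.com", "mail.example.org"):      # constructed layout
            p = Path(root) / d
            p.mkdir()
            (p / "cert.pem").write_text("constructed placeholder")
            (p / "privkey.pem").write_text("constructed placeholder")
        cases = [None, "Mail.Example.ORG", "unknown.example.net",
                 "../../etc", "a/b", ".."]                 # constructed inputs
        return {c: select_tls_domain(c, root, "example.com") for c in cases}


if __name__ == "__main__":
    for sni, chosen in demo().items():
        print(f"{sni!r:25} -> {chosen}")
```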