On 02/07/2024 20:44, Wolfgang via Exim-users wrote:
to debug, why the valid CERT is not accepted for a DANE verified outbound
connection, I tried to enable debugging via ACL:

acl_smtp_starttls:
      accept
          message = TLS debug started
          logwrite = TLS debugging acl triggered
          control = debug
          control = debug/tag=.$sender_host_address
          control = debug/opts=-all+deliver+tls
          control = debug/trigger=now


However I get not a single line of debug output,

If that's all you added, it's because you didn't actually define an
option called "acl_smtp_starttls" - only an ACL called that.


When I however put those controls to "acl_log_write",

We don't know where (and when, during processing) your config arranges to have
that acl called.  It's probably not a useful place for your needs.

I suggest you would be best doing this in an ACL called from the
acl_smtp_connect option.  Note: option.  Read the docs chapters on
A) main-config options and B) ACLs if that is not completely clear.


All that said, I don't think you'll learn anything new.  As I said before, the
error comes from the GnuTLS library.  That's *it* deciding to enforce the
security requirements of the certificates in play for the connection.
--
Cheers,
  Jeremy

PS: https://exim.org/exim-html-current/doc/html/spec_html/
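
A small lint for the mistake described in the reply above, as an added example that is not part of the original thread or of Exim itself: it flags an ACL block labelled like an `acl_smtp_*` main option when no option of that name is set in the main section. Both sample configurations and the ACL name `acl_check_connect` are constructed for illustration.

```python
import re

# Constructed sample configs (not from the thread): the first repeats the
# mistake discussed above, the second wires an ACL up via a main option.
BROKEN = """\
tls_advertise_hosts = *

begin acl

acl_smtp_starttls:
  accept
    control = debug/tag=.$sender_host_address
"""

FIXED = """\
acl_smtp_connect = acl_check_connect

begin acl

acl_check_connect:
  accept
    control = debug/tag=.$sender_host_address
"""

OPTION = re.compile(r"^(acl_(?:not_)?smtp\w*)\s*=\s*(\S+)")  # main option
LABEL = re.compile(r"^(\w+):\s*$")                           # ACL block label
BEGIN = re.compile(r"^begin\s+(\w+)")                        # section marker

def unwired_acls(config):
    """Return ACL labels named like an acl_* main option that is never set."""
    section, options, labels = "main", {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = BEGIN.match(line)
        if m:
            section = m.group(1).lower()
        elif section == "main" and (m := OPTION.match(line)):
            options[m.group(1)] = m.group(2)
        elif section == "acl" and (m := LABEL.match(line)):
            labels.append(m.group(1))
    # A label that looks like an option name but has no option: never invoked.
    return [name for name in labels
            if OPTION.match(name + " = x") and name not in options]

if __name__ == "__main__":
    print("broken:", unwired_acls(BROKEN))
    print("fixed: ", unwired_acls(FIXED))
```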

