On 02/07/2024 20:44, Wolfgang via Exim-users wrote:
> to debug, why the valid CERT is not accepted for a DANE verified outbound
> connection, I tried to enable debugging via ACL:
>
> acl_smtp_starttls:
>   accept
>     message = TLS debug started
>     logwrite = TLS debugging acl triggered
>     control = debug
>     control = debug/tag=.$sender_host_address
>     control = debug/opts=-all+deliver+tls
>     control = debug/trigger=now
>
> However I get not a single line of debug output,

If that's all you added, it's because you didn't actually define an
option called "acl_smtp_starttls" - only an ACL called that.

> When I however put those controls to "acl_log_write",

We don't know where (and when, during processing) your config arranges to have
that acl called. It's probably not a useful place for your needs.

I suggest you would be best doing this in an ACL called from the
acl_smtp_connect option. Note: option. Read the docs chapters on
A) main-config options and B) ACLs if that is not completely clear.

All that said, I don't think you'll learn anything new. As I said before, the
error comes from the GnuTLS library. That's *it* deciding to enforce the security
requirements of the certificates in play for the connection.
--
Cheers,
Jeremy
PS: https://exim.org/exim-html-current/doc/html/spec_html/
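
Added example, not part of the original message: a configuration sketch of the option/ACL distinction described in the reply, reusing the debug controls from the quoted question. The ACL name acl_check_connect is a hypothetical placeholder, and the fragment assumes it is merged into an existing configuration that already has an ACL section.

```exim
# --- main configuration section (before the first "begin" line) ---
# Setting the option is what makes Exim run the ACL at connect time.
# Without this line the ACL further down is defined but never called.
# "acl_check_connect" is a hypothetical name chosen for this example.
acl_smtp_connect = acl_check_connect

# --- ACL section (add to the existing one if the config already has it) ---
begin acl

# Defining an ACL whose label happens to be "acl_smtp_starttls" does not
# set the main option of that name; only an assignment in the main
# section, like the one above, connects an option to an ACL.
acl_check_connect:
  accept
    logwrite = TLS debugging acl triggered
    control  = debug/tag=.$sender_host_address
    control  = debug/opts=-all+deliver+tls
    control  = debug/trigger=now
```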