There are 2 exim servers; mail is forwarded from one to the other. The relay accepts mail over TLS from clients (a simple mail client) quite successfully, but I can't get it to accept mail from the other exim. Without TLS it forwards fine.
Here is the transport of the exim client:
Code:
to_inet_transport:
driver = smtp
hosts = 10.0.2.159
hosts_require_auth = 10.0.2.159
port = 465
hosts_require_tls = 10.0.2.159
#tls_certificate = /exim/ssl/192.168.103.11.pem
tls_verify_certificates=/exim/ssl/
#tls_certificate =/exim/ssl/CAcert.cer
Code:
16:35:24 3911 Connecting to 10.0.2.159 [10.0.2.159]:465 ... connected
16:35:24 3911 expanding: $primary_hostname
16:35:24 3911 result: yantmail
16:35:24 3911 waiting for data on socket
it hangs at this point
16:36:24 3909 selecting on subprocess pipes
16:40:24 3911 ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1 first_address is not NULL
16:40:24 3911 LOG: MAIN
16:40:24 3911 Remote host 10.0.2.159 [10.0.2.159] closed connection in response to initial connection
Code:
16:32:37 10292 initialising GnuTLS as a server
16:32:37 10292 GnuTLS global init required.
16:32:37 10292 initialising GnuTLS server session
16:32:37 10292 Expanding various TLS configuration options for session credentials.
16:32:37 10292 certificate file = /etc/exim4/ssl/10.0.2.159.pem
16:32:37 10292 key file = /etc/exim4/ssl/10.0.2.159-key.pem
16:32:37 10292 TLS: cert/key registered
16:32:37 10292 TLS: tls_verify_certificates not set or empty, ignoring
16:32:37 10292 Initialising GnuTLS server params.
16:32:37 10292 Loading default hard-coded DH params
16:32:37 10292 Loaded fixed standard D-H parameters
16:32:37 10292 GnuTLS using default session cipher/priority "NORMAL"
16:32:37 10292 host in tls_verify_hosts? no (option unset)
16:32:37 10292 host in tls_try_verify_hosts? no (option unset)
16:32:37 10292 TLS: a client certificate will not be requested.
it hangs
16:37:37 10292 LOG: MAIN
16:37:37 10292 TLS error on connection from yantmail [192.168.103.11] I=[10.0.2.159]:465 (gnutls_handshake): timed out
16:37:37 10292 search_tidyup called
A1705: This means that the clients have not sent certificates when asked by the server to do so. If the clients are running Exim, check that tls_certificate is correctly set in their smtp transports. Note that this value is not automatically inherited from the global tls_certificate option.
If anyone has a working config, please post it.
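
Added example, not part of the original post: in the logs above the client sits in "waiting for data on socket" on port 465 while the server has already begun a GnuTLS handshake, which is how a TLS-on-connect port looks to a client that expects a cleartext greeting first. This Python probe checks which way a port behaves; the function name, result labels and hint texts are this example's own, and the `protocol = smtps` hint assumes an Exim version whose smtp transport supports that option.

```python
import socket
import sys

# Hints are this example's reading of the probe result, not Exim output.
HINTS = {
    "banner-first": "server greets in cleartext: the client upgrades with "
                    "STARTTLS (hosts_require_tls on the transport is enough)",
    "silent": "server sends nothing first: it is probably waiting for a TLS "
              "ClientHello (TLS-on-connect); the sending smtp transport "
              "needs protocol = smtps",
    "closed": "peer closed the connection without sending anything",
    "other": "peer sent data that is not an SMTP 220 greeting",
}


def probe_smtp_port(host, port, wait=3.0):
    """Connect and report what the server does before the client speaks."""
    with socket.create_connection((host, port), timeout=wait) as sock:
        sock.settimeout(wait)
        try:
            data = sock.recv(512)
        except socket.timeout:
            # No greeting within `wait` seconds: same stall as in the client log.
            return "silent"
        except ConnectionError:
            return "closed"
    if not data:
        return "closed"
    return "banner-first" if data.startswith(b"220") else "other"


if __name__ == "__main__":
    # Usage: python3 probe.py HOST PORT
    host, port = sys.argv[1], int(sys.argv[2])
    kind = probe_smtp_port(host, port)
    print(f"{host}:{port} -> {kind}: {HINTS[kind]}")
```

A "silent" result only shows that the server did not speak first within the wait time; confirm with a TLS client before changing the transport.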