exim4 tls relay to office 365, how to be sure my key/cert are used
I'm trying to configure exim4 to relay outgoing mail through office365
smarthost.
Apparently o365 requires a valid certificate with a known domain in the CN
field, otherwise the amount of mails you can send is limited and you risk
being flagged as spam or have mails refused.

I placed the cert+key I want to use in /etc/exim4/ (exim.key and exim.crt).
Everything seems to be working, but I'm not sure they are actually being
used by exim... how can I make sure they are?

If I rename the files and restart exim, mails are still being sent
successfully... so that makes me wonder if my cert and key are used or not.

If I use exim's sendmail command manually, I see this in the output:

TLS: no client certificate specified; okay

If I use strace, I don't even see the process looking at
/etc/exim4/exim.key and exim.crt so I'm thinking maybe exim doesn't use
them?

If anyone can help me, I'd appreciate it.
Thanks

Renaud
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: exim4 tls relay to office 365, how to be sure my key/cert are used
Renaud Mertens via Exim-users <exim-users@exim.org> (Tue 29 May 2018 11:10:51 CEST):
> I'm trying to configure exim4 to relay outgoing mail through office365
> smarthost.
> Apparently o365 requires a valid certificate with a known domain in the CN
> field, otherwise the amount of mails you can send is limited and you risk
> being flagged as spam or have mails refused.
>
> I placed the cert+key I want to use in /etc/exim4/ (exim.key and exim.crt).
> Everything seems to be working, but I'm not sure they are actually being
> used by exim... how can I make sure they are?

You need to configure the transport that connects to o365
to use the client certificate. Did you?

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
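
What the reply above refers to, as an added example that is not part of the original thread: in Exim the main-section `tls_certificate` / `tls_privatekey` settings only apply when Exim is the TLS server, so a client certificate has to be set on the smtp transport itself. The router and transport names (`send_via_o365`, `o365_smtp`) and the host `smarthost.example.invalid` are placeholders assumed for illustration; the file paths are the ones from the original post.

```conf
# Added example, not from the thread. Names and smarthost are placeholders.

# --- main section ---
# Used only for INBOUND connections (Exim acting as TLS server).
# Setting these alone does not make outbound deliveries present a certificate.
tls_certificate = /etc/exim4/exim.crt
tls_privatekey  = /etc/exim4/exim.key

begin routers

# Hypothetical router that hands all non-local mail to the smarthost transport.
send_via_o365:
  driver = manualroute
  domains = ! +local_domains
  transport = o365_smtp
  route_list = * smarthost.example.invalid

begin transports

# Before (no client certificate is offered on this transport):
#
# o365_smtp:
#   driver = smtp
#   hosts_require_tls = *

# After: the transport that connects to the smarthost names the client
# certificate and key explicitly.
o365_smtp:
  driver = smtp
  # Refuse to deliver in clear text if STARTTLS is unavailable.
  hosts_require_tls = *
  # Client certificate and key presented during the TLS handshake.
  # Both files must be readable by the user Exim runs as.
  tls_certificate = /etc/exim4/exim.crt
  tls_privatekey  = /etc/exim4/exim.key
```

With the transport options set, a debug delivery should no longer show the `TLS: no client certificate specified; okay` line quoted in the original post, and renaming the files should then cause a TLS setup error instead of a silent success.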
Re: exim4 tls relay to office 365, how to be sure my key/cert are used
Hi Renaud

You can use the service https://www.checktls.com/TestSender
It tells you whether a certificate was presented or not. You need to
send direct to their mx not through your smarthost though.

Regards, Adrian.

On 29.05.18 11:10, Renaud Mertens via Exim-users wrote:
> I'm trying to configure exim4 to relay outgoing mail through office365
> smarthost.
> Apparently o365 requires a valid certificate with a known domain in the CN
> field, otherwise the amount of mails you can send is limited and you risk
> being flagged as spam or have mails refused.
>
> I placed the cert+key I want to use in /etc/exim4/ (exim.key and exim.crt).
> Everything seems to be working, but I'm not sure they are actually being
> used by exim... how can I make sure they are?
>
> If I rename the files and restart exim, mails are still being sent
> successfully... so that makes me wonder if my cert and key are used or not.
>
> If I use exim's sendmail command manually, I see this in the output:
>
> TLS: no client certificate specified; okay
>
> If I use strace, I don't even see the process looking at
> /etc/exim4/exim.key and exim.crt so I'm thinking maybe exim doesn't use
> them?
>
> If anyone can help me, I'd appreciate it.
> Thanks
>
> Renaud
>
