From 4f85b7c40485b024bebeeed0c28745bc6c1deaf0 Mon Sep 17 00:00:00 2001
From: Stephen Gran <steve@lobefin.net>
Date: Sun, 5 Apr 2009 00:06:39 +0100
Subject: [PATCH] Make exim use tls certs distributed by puppet Signed-off-by:
 Stephen Gran <steve@lobefin.net>

---
 modules/exim/files/common/exim4.conf | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/modules/exim/files/common/exim4.conf b/modules/exim/files/common/exim4.conf
index 18bf9c879..c9e1e0253 100644
--- a/modules/exim/files/common/exim4.conf
+++ b/modules/exim/files/common/exim4.conf
@@ -124,6 +124,13 @@ RESERVEDADDRS = 0.0.0.0/8 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : \
 
 hostlist reservedaddrs = RESERVEDADDRS
 
+tls_certificate = /etc/exim4/ssl/thishost.crt
+tls_privatekey = /etc/exim4/ssl/thishost.key
+.ifdef RELAY_HOST
+tls_try_verify_hosts = *
+tls_verify_certificates = /etc/exim4/ssl/client_certs.pem
+.endif
+
 #system_filter = /etc/exim4/filter
 #system_filter_file_transport = address_file
 
@@ -190,6 +197,7 @@ admin_groups = adm
 remote_sort_domains = *.debian.org:*.debian.net
 
 pipelining_advertise_hosts = !*
+tls_advertise_hosts = *
 smtp_enforce_sync = true
 
 log_selector = +tls_cipher +tls_peerdn +queue_time +deliver_time +smtp_connection +smtp_incomplete_transaction +smtp_confirmation
@@ -1117,7 +1125,9 @@ address_reply:
 remote_smtp:
   driver = smtp
   connect_timeout = 1m
-  hosts_avoid_tls = *
+  tls_tempfail_tryclear = true
+  tls_certificate = /etc/exim4/ssl/thishost.crt
+  tls_privatekey = /etc/exim4/ssl/thishost.key
 
 # Send the message to procmail
 procmail_pipe:
-- 
2.20.1