Implementing STARTTLS (2)

x509 certificate verification
self-signed
Private CA
Public CA

Exim configuration
tls_try_verify_hosts = *
tls_verify_certificates = /usr/local/etc/exim/certs/trusted
log_selector = +tls_peerdn
received_header_text = "Received: 
    ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}
    {${if def:sender_ident {from ${sender_ident} }}
    ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}
    by ${primary_hostname} 
    ${if def:received_protocol {with ${received_protocol}}} 
    ${if def:tls_cipher {($tls_cipher)\n\t}}
    ${if def:tls_peerdn {($tls_peerdn)(verified=$tls_certificate_verified)\n\t}}
    (Exim ${version_number} #${compile_number})\n\t
    id ${message_id}
    ${if def:received_for {\n\tfor $received_for}}"