Bug#822174: exim4: Please add hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS

Samuel Thibault sthibault at debian.org
Thu Apr 21 20:06:38 UTC 2016


Package: exim4
Version: 4.87-1
Severity: normal
Tags: patch

Hello,

Due to network hiccups, some of my mails couldn't go through TLS to my
smarthost, and exim4 reverted to an unencrypted send:

2016-04-16 10:39:58 1arJcE-00020M-Cx H=sonata.ens-lyon.org [140.77.166.138] TLS error on connection (gnutls_handshake): timed out
2016-04-16 10:39:58 1arJcE-00020M-Cx TLS session failure: delivering unencrypted to sonata.ens-lyon.org [140.77.166.138] (not in hosts_require_tls)

But this got rejected by the smarthost:

2016-04-16 10:40:06 1arJcE-00020M-Cx ** dave at mielke.cc R=smarthost T=remote_smtp_smarthost H=sonata.ens-lyon.org [140.77.166.138]: SMTP error from remote mail server after MAIL FROM:<samuel.thibault at ens-lyon.org> SIZE=1944: 530 5.7.0 Must issue a STARTTLS command first

And thus I got a bounce.  I need to prevent that by setting
hosts_require_tls, but this doesn't seem to be supported by the Debian
packaging. More precisely, I would need the attached patch to be
applied.

Thanks,
Samuel

-- Package-specific info:
Exim version 4.87 #2 built 07-Apr-2016 17:26:59
Copyright (c) University of Cambridge, 1995 - 2016
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2016
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM DNSSEC Event OCSP PRDR SOCKS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'

dc_eximconfig_configtype='smarthost'
dc_other_hostnames='var.youpi.perso.aquilenet.fr;var.ipv6;var'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost='youpi.perso.aquilenet.fr'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='sonata.ens-lyon.org::587:iona.labri.fr::587:smtp.inria.fr::587'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:var.youpi.perso.aquilenet.fr

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages exim4 depends on:
ii  cdebconf [debconf-2.0]  0.208
ii  debconf [debconf-2.0]   1.5.59
ii  exim4-base              4.87-1
ii  exim4-daemon-light      4.87-1

exim4 recommends no packages.

exim4 suggests no packages.

-- debconf information excluded

-- 
Samuel
"...[Linux's] capacity to talk via any medium except smoke signals."
(By Dr. Greg Wettstein, Roger Maris Cancer Center)
-------------- next part --------------
--- ./exim4.conf.template.original	2016-04-21 22:04:04.176064933 +0200
+++ ./exim4.conf.template	2016-04-21 22:04:12.336069949 +0200
@@ -1700,6 +1700,9 @@
 .ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
   hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
 .endif
+.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
+  hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
+.endif
 .ifdef REMOTE_SMTP_HEADERS_REWRITE
   headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
 .endif
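
Review bot: the new ".ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS" block introduces a macro with no documentation, and it sits directly below the REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS block with nothing saying how the two relate. Please add a comment, or an entry wherever the template's other macros are described, stating what value the macro takes (a host list, as for hosts_avoid_tls), that it is unset by default so existing smarthost setups keep their current opportunistic behaviour, and what an admin should expect if the same host ends up in both lists. It is also worth a sentence that once a smarthost is listed, mail to it waits for a working TLS session instead of going out unencrypted, since that is the behaviour change people enabling it will notice.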

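A way to find this fallback in an existing Exim main log, as an added example that is not part of the original report or of the exim4 package: it pairs each "delivering unencrypted" line with the delivery result logged for the same message and host. The sample log lines, host names and function names are constructed for illustration.

```python
import re

# Constructed sample lines modelled on the log format quoted in the report;
# hosts, addresses and message ids are placeholders.
SAMPLE_LOG = """\
2016-04-16 10:39:58 1aAAAA-000001-AA H=smarthost.example [192.0.2.10] TLS error on connection (gnutls_handshake): timed out
2016-04-16 10:39:58 1aAAAA-000001-AA TLS session failure: delivering unencrypted to smarthost.example [192.0.2.10] (not in hosts_require_tls)
2016-04-16 10:40:06 1aAAAA-000001-AA ** user@example.org R=smarthost T=remote_smtp_smarthost H=smarthost.example [192.0.2.10]: SMTP error from remote mail server after MAIL FROM:<me@example.net> SIZE=1944: 530 5.7.0 Must issue a STARTTLS command first
2016-04-16 11:02:11 1aBBBB-000002-BB TLS session failure: delivering unencrypted to relay.example [192.0.2.20] (not in hosts_require_tls)
2016-04-16 11:02:12 1aBBBB-000002-BB => user@example.com R=smarthost T=remote_smtp_smarthost H=relay.example [192.0.2.20] C="250 OK"
2016-04-16 11:05:00 1aCCCC-000003-CC => user@example.com R=smarthost T=remote_smtp_smarthost H=smarthost.example [192.0.2.10] X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 C="250 OK"
"""

ENTRY = re.compile(r"^\S+ \S+ (?P<msgid>\S+) (?P<rest>.*)$")
DOWNGRADE = re.compile(r"^TLS session failure: delivering unencrypted to (\S+) \[([^\]]+)\]")
OUTCOME = re.compile(r"^(=>|->|\*\*|==) (\S+) .*?\bH=(\S+) \[([^\]]+)\]")
RESULT = {"=>": "delivered in cleartext", "->": "delivered in cleartext",
          "**": "bounced", "==": "deferred"}

def find_cleartext_fallbacks(log_text):
    """Return one event per message Exim sent on without TLS after a TLS failure."""
    events, pending = [], {}
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue
        msgid, rest = entry["msgid"], entry["rest"]
        down = DOWNGRADE.match(rest)
        if down:
            event = {"msgid": msgid, "host": down[1], "ip": down[2],
                     "recipient": None, "result": "unknown"}
            pending[(msgid, down[2])] = event
            events.append(event)
            continue
        out = OUTCOME.match(rest)
        # An X= field names the negotiated TLS cipher, so that delivery was encrypted.
        if out and " X=" not in rest:
            event = pending.pop((msgid, out[4]), None)
            if event:
                event["recipient"], event["result"] = out[2], RESULT[out[1]]
    return events

def hosts_needing_require_tls(events):
    """Hosts Exim fell back to cleartext for: candidates for hosts_require_tls."""
    return sorted({e["host"] for e in events})

if __name__ == "__main__":
    for e in find_cleartext_fallbacks(SAMPLE_LOG):
        print(f'{e["msgid"]} {e["host"]} [{e["ip"]}] -> {e["result"]} ({e["recipient"]})')
```

The bounced case is the one from the report; the "delivered in cleartext" case is the quieter outcome of the same fallback when the remote host does not insist on STARTTLS.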
