Bug#822174: exim4: Please add hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS

Marc Haber mh+debian-packages at zugschlus.de
Fri Apr 22 10:53:59 UTC 2016


On Thu, Apr 21, 2016 at 10:06:38PM +0200, Samuel Thibault wrote:
> Due to network hiccups, some of my mails couldn't go through TLS to my
> smarthost, and exim4 reverted to an unencrypted send:
> 
> 2016-04-16 10:39:58 1arJcE-00020M-Cx H=sonata.ens-lyon.org [140.77.166.138] TLS error on connection (gnutls_handshake): timed out
> 2016-04-16 10:39:58 1arJcE-00020M-Cx TLS session failure: delivering unencrypted to sonata.ens-lyon.org [140.77.166.138] (not in hosts_require_tls)
> 
> But this got rejected by the smarthost:
> 
> 2016-04-16 10:40:06 1arJcE-00020M-Cx ** dave at mielke.cc R=smarthost T=remote_smtp_smarthost H=sonata.ens-lyon.org [140.77.166.138]: SMTP error from remote mail server after MAIL FROM:<samuel.thibault at ens-lyon.org> SIZE=1944: 530 5.7.0 Must issue a STARTTLS command first

Ouch. The smarthost shouldn't advertise AUTH capabilities before
STARTTLS if it doesn't want to authenticate in clear text.

> And thus I got a bounce.  I need to prevent that by setting
> hosts_require_tls, but this doesn't seem to be supported by the debian
> packaging. More precisely, I would need the attached patch to be
> applied.

/etc/exim4/exim4.conf.template is a dpkg-conffile. Feel free to edit
it if you need changes.

Andreas will decide whether he will accept your patch though.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
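
One way to audit an exim4 mainlog for the plaintext fallback quoted above, as an added example that is not part of the original message or of the Debian packaging. The function name and the sample log lines (hosts, addresses, message IDs) are constructed for illustration, and the check for `X=` on delivery lines assumes the default logging of the TLS cipher.

```python
import re

# Constructed sample lines in exim4 mainlog format; all hosts, addresses
# and message IDs are placeholders, not values from the bug report.
SAMPLE_LOG = """\
2016-04-16 10:39:58 1aAAAA-000001-AA H=smarthost.example.org [192.0.2.10] TLS error on connection (gnutls_handshake): timed out
2016-04-16 10:39:58 1aAAAA-000001-AA TLS session failure: delivering unencrypted to smarthost.example.org [192.0.2.10] (not in hosts_require_tls)
2016-04-16 10:40:06 1aAAAA-000001-AA ** user@example.net R=smarthost T=remote_smtp_smarthost H=smarthost.example.org [192.0.2.10]: SMTP error from remote mail server after MAIL FROM:<me@example.org> SIZE=1944: 530 5.7.0 Must issue a STARTTLS command first
2016-04-16 10:41:00 1aBBBB-000002-BB => other@example.net R=smarthost T=remote_smtp_smarthost H=smarthost.example.org [192.0.2.10] X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256
2016-04-16 10:42:10 1aCCCC-000003-CC TLS session failure: delivering unencrypted to smarthost.example.org [192.0.2.10] (not in hosts_require_tls)
2016-04-16 10:42:11 1aCCCC-000003-CC => third@example.net R=smarthost T=remote_smtp_smarthost H=smarthost.example.org [192.0.2.10]
"""

# The fallback notice exim writes when the host is not in hosts_require_tls.
FALLBACK = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<id>\S+) TLS session failure: "
    r"delivering unencrypted to (?P<host>\S+) \[(?P<ip>[^\]]+)\]"
)
# Delivery result lines: "=>" / "->" delivered, "**" failed (bounce).
DELIVERY = re.compile(r"^\S+ \S+ (?P<id>\S+) (?P<flag>=>|->|\*\*) ")


def find_tls_fallbacks(log_text):
    """Return {message_id: event} for every message exim tried in clear text."""
    events = {}
    for line in log_text.splitlines():
        m = FALLBACK.match(line)
        if m:
            events[m["id"]] = {"when": m["ts"], "host": m["host"],
                               "ip": m["ip"], "outcome": "pending"}
            continue
        m = DELIVERY.match(line)
        if m and m["id"] in events and events[m["id"]]["outcome"] == "pending":
            if m["flag"] == "**":
                outcome = "bounced"          # smarthost refused plaintext
            elif " X=" in line:
                outcome = "sent_tls"         # cipher logged: a later TLS retry worked
            else:
                outcome = "sent_plaintext"   # mail left the host unencrypted
            events[m["id"]]["outcome"] = outcome
    return events


if __name__ == "__main__":
    for msg_id, ev in find_tls_fallbacks(SAMPLE_LOG).items():
        print(msg_id, ev["when"], ev["host"], ev["ip"], ev["outcome"])
```

Messages reported as `sent_plaintext` are the ones that `hosts_require_tls` would have deferred instead of sending in the clear.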


