Bug#822174: exim4: Please add hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
Marc Haber
mh+debian-packages at zugschlus.de
Fri Apr 22 22:14:12 UTC 2016
On Fri, Apr 22, 2016 at 01:31:33PM +0200, Samuel Thibault wrote:
> Marc Haber, on Fri 22 Apr 2016 12:53:59 +0200, wrote:
> > On Thu, Apr 21, 2016 at 10:06:38PM +0200, Samuel Thibault wrote:
> > > Due to network hickups, some of my mails couldn't go through TLS to my
> > > smarthost, and exim4 reverted to an unencrypted send:
> > >
> > > 2016-04-16 10:39:58 1arJcE-00020M-Cx H=sonata.ens-lyon.org [140.77.166.138] TLS error on connection (gnutls_handshake): timed out
> > > 2016-04-16 10:39:58 1arJcE-00020M-Cx TLS session failure: delivering unencrypted to sonata.ens-lyon.org [140.77.166.138] (not in hosts_require_tls)
> > >
> > > But this got rejected by the smarthost:
> > >
> > > 2016-04-16 10:40:06 1arJcE-00020M-Cx ** dave at mielke.cc R=smarthost T=remote_smtp_smarthost H=sonata.ens-lyon.org [140.77.166.138]: SMTP error from remote mail server after MAIL FROM:<samuel.thibault at ens-lyon.org> SIZE=1944: 530 5.7.0 Must issue a STARTTLS command first
> >
> > Ouch. The smarthost sohuldn't advertise AUTH capabilities before
> > STARTTLS if it doesn't want to authenticate in clear text.
>
> Well, no, it doesn't:
>
> brl$ telnet smtp.ens-lyon.org 587
> Trying 140.77.166.138...
> Connected to sonata.ens-lyon.org.
> Escape character is '^]'.
> 220 sonata.ens-lyon.org ESMTP Postfix (Debian/GNU)
> ehlo brl.thefreecat.org
> 250-sonata.ens-lyon.org
> 250-PIPELINING
> 250-SIZE 51200000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> auth
> 530 5.7.0 Must issue a STARTTLS command first
Ah. Exim shouldnt try authenticating then. But the Postfix there gives
the same answer to a MAIL FROM, which is probably the case here.
The workaround given in my first question would still be valid though.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
More information about the Pkg-exim4-maintainers
mailing list