[Pkg-exim4-users] Support for tls on connect on outgoing smtp connections?

ael law_ence.dev at ntlworld.com
Sun Dec 7 18:36:14 UTC 2014


Hello,

One major UK ISP does not support STARTTLS on their "smarthost"/smtp
server. Even on an alternative port: hard to believe but sadly true
it seems.

Here is a swaks session (with a few sensitive edits):- 
---------------------------------------------------------
$ swaks --to to_test at foo.bah --server mail.dumbisp.com -p 465  -tlsc -a

=== Trying mail.dumbisp.com:465...
=== Connected to mail.dumbisp.com.
=== TLS started with cipher TLSv1.2:RC4-MD5:128
=== TLS no local certificate set
=== TLS peer DN={cert details}
<~  220 dumb.smtp ESMTP Service ready
 ~> EHLO this.example
<~  250-dumb.smtp
<~  250-DSN
<~  250-8BITMIME
<~  250-PIPELINING
<~  250-AUTH=LOGIN
<~  250-AUTH LOGIN PLAIN
<~  250-DELIVERBY 300
<~  250 SIZE 41943040
 ~> AUTH LOGIN
<~  334 123456789...
 ~> abcdef1233456.....
<~  334 aaaaa.....
 ~> abcdef.....
<~  235 LOGIN authentication successful
 ~> MAIL FROM:<ael at this.example>
<~  250 MAIL FROM:<ael at this.example> OK
 ~> RCPT TO:<to_test at foo.bah>
<~  250 RCPT TO:<to_test at foo.bah> OK
 ~> DATA
<~  354 Start mail input; end with <CRLF>.<CRLF>
 ~> Date: Sun, 07 Dec 2014 18:08:48 +0000
 ~> To: to_test at foo.bah
 ~> From: ael at this.example
 ~> Subject: test Sun, 07 Dec 2014 18:08:48 +0000
 ~> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
 ~> 
 ~> This is a test mailing
 ~> 
 ~> .
<~  250 <547FB491007065A0> Mail accepted
 ~> QUIT
<~  221 dumb.smtp QUIT
=== Connection closed with remote host.
--------------------------------------------------------------

AFAICS exim4 does not support "tls_on_connect" when it is the client -
that is on outgoing connections. And the Debian exim4.conf.template
certainly does not, unedited.

I did try adding "protocol = smtps" to the remote_smtp_smarthost and
this at least stopped exim and the remote dumb smtp servers hanging.
Now I get an error message instead.

Scanning spec.txt I could find all the support for tls_on_connect,
but all of that seems to be for incoming messages, and none for
outgoing.

Has no one met this before? Do I have to find another MTA?
I will read spec.txt properly, but I am not optimistic from what I
have seen so far.

Any advice or help?

ael
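
An added example, not part of the original post and not code from swaks or Exim: a small Python check that reads a swaks transcript like the one above and reports whether TLS was negotiated on connect or via STARTTLS, which AUTH mechanisms the server offered, and whether the negotiated cipher is weak. The names `analyse`, `WEAK` and `SAMPLE` are assumptions made for illustration, and the sample is abridged from the session in the post.

```python
import re

# Constructed sample, abridged from the swaks session in the post above.
SAMPLE = """\
=== Trying mail.dumbisp.com:465...
=== Connected to mail.dumbisp.com.
=== TLS started with cipher TLSv1.2:RC4-MD5:128
<~  220 dumb.smtp ESMTP Service ready
 ~> EHLO this.example
<~  250-dumb.smtp
<~  250-PIPELINING
<~  250-AUTH=LOGIN
<~  250-AUTH LOGIN PLAIN
<~  250 SIZE 41943040
 ~> AUTH LOGIN
<~  235 LOGIN authentication successful
"""
WEAK = ("RC4", "MD5", "DES", "NULL", "EXPORT")  # illustrative, not exhaustive

def analyse(transcript):
    """Summarise the TLS posture recorded in a swaks transcript."""
    r = {"tls_mode": "none", "cipher": None, "starttls_offered": False,
         "auth_mechs": set(), "findings": []}
    greeted = False  # has the server sent any 220 reply yet?
    for line in transcript.splitlines():
        tls = re.match(r"=== TLS started with cipher (\S+)", line)
        srv = re.match(r"<[-~]\s+(\d{3})[ -](.*)", line)
        if tls:
            # TLS before the first 220 means implicit TLS (port 465 style).
            r["tls_mode"] = "starttls" if greeted else "on-connect"
            r["cipher"] = tls.group(1)
            weak = [w for w in WEAK if w in r["cipher"].upper()]
            if weak:
                r["findings"].append("weak cipher: " + "+".join(weak))
        elif srv and srv.group(1) == "220":
            greeted = True
        elif srv and srv.group(1) == "250":
            cap = srv.group(2).strip().upper()
            if cap == "STARTTLS":
                r["starttls_offered"] = True
            elif re.match(r"AUTH[ =]", cap):
                r["auth_mechs"].update(cap[5:].split())
        elif re.match(r"\s*->\s+AUTH\b", line):
            # "->" is swaks' marker for a line sent without TLS.
            r["findings"].append("AUTH sent in cleartext")
    if r["tls_mode"] == "on-connect" and not r["starttls_offered"]:
        r["findings"].append("implicit TLS only: client needs TLS-on-connect")
    return r
```
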



