[Pkg-exim4-users] configuring exim4 smtp to use SSL
Alex King
alex at king.net.nz
Wed Mar 18 06:01:29 UTC 2015
On 18/03/15 16:59, Gary Dale wrote:
> On 17/03/15 08:00 PM, Alex King wrote:
>> On 17/03/15 17:28, Gary Dale wrote:
>>> On 16/03/15 02:36 PM, Alex King wrote:
>>>>
>>>>
>>>> On 17/03/15 05:17, Gary Dale wrote:
>>>>> On 16/03/15 11:56 AM, Marc Haber wrote:
>>>>>> On Mon, Mar 16, 2015 at 10:54:41AM -0400, Gary Dale wrote:
>>>>>>> On 16/03/15 04:10 AM, Marc Haber wrote:
>>>>>>>> On Sun, Mar 15, 2015 at 11:20:38PM -0400, Gary Dale wrote:
>>>>>>>>> The log for an unsuccessful mail says:
>>>>>>>>> 2015-03-14 00:47:44 1YWdzE-0000l6-CR <= <sending e-mail address>
>>>>>>>>> U=garydale P=local S=1665
>>>>>>>>> 2015-03-14 00:47:44 1YWdzE-0000l6-CR ** -r at localhost:
>>>>>>>>> Unrouteable address
>>>>>>>>> 2015-03-14 00:47:44 1YWdzE-0000l6-CR ** gary at extremeground.com
>>>>>>>>> R=smarthost T=remote_smtp_smarthost: retry time not reached
>>>>>>>>> for any
>>>>>>>>> host after a long failure period
>>>> This line, "retry time not reached for any host after a long
>>>> failure period" is telling you exim has given up and won't even try
>>>> to send, even for new emails arriving to be delivered for this
>>>> address.
>>>>
>>>> This information is kept in the hints db. Marc correctly pointed
>>>> you to the documentation which explains what is happening and how
>>>> to progress the issue. See spec chapter 32
>>>> (http://www.exim.org/exim-html-current/doc/html/spec_html/ch-retry_configuration.html),
>>>> particularly 32.10, Long-term failures.
>>>>
>>>> To manage your hints db (which should not be necessary in normal
>>>> use), check out exim_dumpdb and exim_tidydb. (Executables on your
>>>> system with man pages).
>>>>
>>>> HTH,
>>>> Alex
>>>
>>> Would that be on a port basis? Mail sends fine to the same server
>>> using port 26.
>>>
>>> The retry rule that I get for that host: is Retry rule: * *
>>> F,2h,15m; G,16h,1h,1.5; F,4d,6h;
>>>
>>> Looking in the db files, I get basically less information than I get
>>> with mailq and the exim4 log. Tidydb just removes records, which I
>>> can also do by changing the port to 26 and running exim -M
>>> <message>, which then sends the message.
>>>
>> I didn't see a failed attempt to connect to a remote system in the
>> original log you posted. The tidy_db command (or removing the hints
>> (/var/spool/exim4/db/*, see Spec 32.1 Changing retry rules)) would
>> allow you to test sending again with the failing configuration (i.e.,
>> not port 26), so you can see what the actual failure is.
>>
>> Also, viewing the hints with
>> exim_dumpdb /var/spool/exim4/ retry
>>
>> will show the failure reason (which will be in the logs as well, but
>> not for every delivery attempt if the address has been failing for so
>> long that the cutoff time for the last retry algorithm has been
>> reached).
>
> mainlog shows only (after I cleared the queue and retry db) then sent
> fresh e-mail:
> 2015-03-17 11:49:08 1YXsvN-0004wQ-2C Remote host
> sunspot.dnchosting.com [199.7.109.2] closed connection in response to
> initial connection
> along with multiple start and end queue runs and retry time not
> reached for any host messages.
>
> while exim_dumpdb shows
> T:sunspot.dnchosting.com:199.7.109.2:465 -18 65 Remote host
> sunspot.dnchosting.com [199.7.109.2] closed connection in response to
> initial connection
> 17-Mar-2015 10:49:11 17-Mar-2015 22:49:08 18-Mar-2015 03:52:53
>
> Again, I am able to send to this host and port using Thunderbird. It
> does take encrypted connections.
OK, so sunspot.dnchosting.com is closing the connection. It could be a
fault/configuration at the remote site. Is Thunderbird on the same IP
address as your exim? Maybe they've blacklisted your exim box. Either
way, try connecting using openssl s_client, or swaks. You can use these
to debug the SSL connection and confirm you can get a raw connection to
the remote server.
Cheers,
Alex
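
The raw-connection check suggested above, as an added example that is not part of the original message: a Python sketch that connects to a host and port, reports whether the server greets in cleartext, closes at once, or stays silent, and only in the silent case attempts a TLS handshake directly on connect (a port that expects TLS from the first byte sends nothing until the client speaks). The function names, state labels and timeout are assumptions of this example.

```python
import socket
import ssl
import sys


def probe_raw(host, port, timeout=5.0):
    """Plain TCP connect; report what the server does before we send a byte.
    Returns (state, detail); state is banner, closed, silent or refused."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "refused", str(exc)
    with sock:
        try:
            data = sock.recv(512)
        except socket.timeout:
            return "silent", ""
        except OSError as exc:  # e.g. connection reset by the remote side
            return "closed", str(exc)
    if not data:
        return "closed", ""
    return "banner", data.decode("ascii", "replace").splitlines()[0]


def probe_tls(host, port, timeout=5.0):
    """TLS handshake immediately on connect (no STARTTLS), certificate verified."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                greeting = tls.recv(512).decode("ascii", "replace").strip()
                return "tls", f"{tls.version()} {tls.cipher()[0]} | {greeting}"
    except ssl.SSLError as exc:  # handshake or certificate problem
        return "tls-failed", str(exc)
    except OSError as exc:  # refused, reset or timed out
        return "error", str(exc)


def diagnose(host, port, timeout=5.0):
    """Raw probe first; only a silent port is retried with TLS-on-connect."""
    state, detail = probe_raw(host, port, timeout)
    if state == "silent":
        state, detail = probe_tls(host, port, timeout)
    return state, detail


if __name__ == "__main__":
    print(*diagnose(sys.argv[1], int(sys.argv[2])))
```

Run it with the host name and port as arguments, from the same machine and source address as the MTA so the result reflects what the MTA itself would see.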