[Pkg-exim4-users] configuring exim4 smtp to use SSL [SOLVED] another way

Paul E Condon pecondon at mesanetworks.net
Sun Mar 29 03:24:52 UTC 2015


On 20150323_2348-0400, Gary Dale wrote:
> On 18/03/15 11:18 AM, Gary Dale wrote:
> >On 18/03/15 02:01 AM, Alex King wrote:
> >>On 18/03/15 16:59, Gary Dale wrote:
> >>>On 17/03/15 08:00 PM, Alex King wrote:
> >>>>On 17/03/15 17:28, Gary Dale wrote:
> >>>>>On 16/03/15 02:36 PM, Alex King wrote:
> >>>>>>
> >>>>>>
> >>>>>>On 17/03/15 05:17, Gary Dale wrote:
> >>>>>>>On 16/03/15 11:56 AM, Marc Haber wrote:
> >>>>>>>>On Mon, Mar 16, 2015 at 10:54:41AM -0400, Gary Dale wrote:
> >>>>>>>>>On 16/03/15 04:10 AM, Marc Haber wrote:
> >>>>>>>>>>On Sun, Mar 15, 2015 at 11:20:38PM -0400, Gary Dale wrote:
> >>>>>>>>>>>The log for an unsuccessful mail says:
> >>>>>>>>>>>2015-03-14 00:47:44 1YWdzE-0000l6-CR <= <sending
> >>>>>>>>>>>e-mail address>
> >>>>>>>>>>>U=garydale P=local S=1665
> >>>>>>>>>>>2015-03-14 00:47:44 1YWdzE-0000l6-CR ** -r at localhost:
> >>>>>>>>>>>Unrouteable address
> >>>>>>>>>>>2015-03-14 00:47:44 1YWdzE-0000l6-CR ** gary at extremeground.com
> >>>>>>>>>>>R=smarthost T=remote_smtp_smarthost: retry time not
> >>>>>>>>>>>reached for any
> >>>>>>>>>>>host after a long failure period
> >>>>>>This line, "retry time not reached for any host after a long
> >>>>>>failure period" is telling you exim has given up and won't even
> >>>>>>try to send, even for new emails arriving to be delivered for
> >>>>>>this address.
> >>>>>>
> >>>>>>This information is kept in the hints db.  Marc correctly
> >>>>>>pointed you to the documentation which explains what is
> >>>>>>happening and how to progress the issue.  See spec chapter 32 (http://www.exim.org/exim-html-current/doc/html/spec_html/ch-retry_configuration.html),
> >>>>>>particularly 32.10, Long-term failures.
> >>>>>>
> >>>>>>To manage your hints db (which should not be necessary in normal
> >>>>>>use), check out exim_dumpdb and exim_tidydb. (Executables on
> >>>>>>your system with man pages).
> >>>>>>
> >>>>>>HTH,
> >>>>>>Alex
> >>>>>
> >>>>>Would that be on a port basis? Mail sends fine to the same server
> >>>>>using port 26.
> >>>>>
> >>>>>The retry rule that I get for that host is: Retry rule: * *
> >>>>>F,2h,15m; G,16h,1h,1.5; F,4d,6h;
> >>>>>
> >>>>>Looking in the db files, I get basically less information than I
> >>>>>get with mailq and the exim4 log. Tidydb just removes records,
> >>>>>which I can also do by changing the port to 26 and running exim -M
> >>>>><message>, which then sends the message.
> >>>>>
> >>>>I didn't see a failed attempt to connect to a remote system in the
> >>>>original log you posted.   The tidy_db command (or removing the
> >>>>hints (/var/spool/exim4/db/*, see Spec 32.1 Changing retry rules))
> >>>>would allow you to test sending again with the failing configuration
> >>>>(ie, not port 26), so you can see what the actual failure is.
> >>>>
> >>>>Also, viewing the hints with
> >>>>exim_dumpdb /var/spool/exim4/ retry
> >>>>
> >>>>will show the failure reason (which will be in the logs as well, but
> >>>>not for every delivery attempt if the address has been failing for
> >>>>so long that the cutoff time for the last retry algorithm has been
> >>>>reached).
> >>>
> >>>mainlog shows only (after I cleared the queue and retry db, then sent
> >>>fresh e-mail):
> >>>2015-03-17 11:49:08 1YXsvN-0004wQ-2C Remote host
> >>>sunspot.dnchosting.com [199.7.109.2] closed connection in response to
> >>>initial connection
> >>>along with multiple start and end queue runs and retry time not
> >>>reached for any host messages.
> >>>
> >>>while exim_dumpdb shows
> >>>  T:sunspot.dnchosting.com:199.7.109.2:465 -18 65 Remote host
> >>>sunspot.dnchosting.com [199.7.109.2] closed connection in response to
> >>>initial connection
> >>>17-Mar-2015 10:49:11  17-Mar-2015 22:49:08  18-Mar-2015 03:52:53
> >>>
> >>>Again, I am able to send to this host and port using Thunderbird. It
> >>>does take encrypted connections.
> >>OK, so sunspot.dnchosting.com is closing the connection.  It could be a
> >>fault/configuration at the remote site.  Is thunderbird on the same IP
> >>address as your exim?  Maybe they've blacklisted your exim box.  Either
> >>way, try connecting using openssl s_client, or swaks. You can use these
> >>to debug the ssl connection and confirm you can get a raw connection to
> >>the remote server.
> >
> >Did that already. I can connect, send a HELO or EHLO and MAIL FROM: but
> >RCPT-TO: gives an error:
> >
> >RENEGOTIATING
> >depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST
> >Network, CN = USERTrust RSA Certification Authority
> >verify error:num=20:unable to get local issuer certificate
> >verify return:0
> >
> >Thunderbird clients use local IP addresses but would go out on the same
> >routeable IP address. There is only one router in the office. Moreover, I
> >can access the same remote server using port 26 (their unencrypted smtp
> >port) using the same exim box - only the port changes.
> >
> 
> The problem seems to have been the location of the protocol = smtps line. I
> had it originally in
> /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost. Moving it
> to /etc/exim4/exim4.conf.template seems to have done the trick.

For those who can contemplate not having to configure exim4 at all, look
at package msmtp. Exim4 is used by Debian installer to put in place a
proper MTA, but if your sysadmin skills are not up to the task of handling
its complexities, msmtp works fine for dummies like me ;-). I'm using it
to send this post.

HTH,
-- 
Paul E Condon           
pecondon at mesanetworks.net
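
An added example, not part of the thread: on Debian, update-exim4.conf builds the running configuration from conf.d/ only when dc_use_split_config='true' in /etc/exim4/update-exim4.conf.conf, and otherwise from exim4.conf.template, which would explain why the protocol = smtps line took effect only after it was moved. The thread never states that setting, so the sample tree below is constructed on that assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Paths follow Debian's exim4-config layout.

# active_source DIR: which source update-exim4.conf reads, "split" or "template".
active_source() {
    if grep -Eq "^dc_use_split_config=['\"]?true" "$1/update-exim4.conf.conf" 2>/dev/null
    then echo split
    else echo template
    fi
}

# has_smtps FILE: true if "protocol = smtps" sits inside remote_smtp_smarthost.
has_smtps() {
    awk '
        /^[A-Za-z0-9_]+:[ \t]*$/ { in_t = ($0 ~ /^remote_smtp_smarthost:/); next }
        in_t && /^[ \t]*protocol[ \t]*=[ \t]*smtps/ { found = 1 }
        END { exit !found }
    ' "$1" 2>/dev/null
}

# smtps_status DIR: "active" (set in the source that is read), "ignored"
# (set only in the source that is not read) or "missing".
smtps_status() {
    split="$1/conf.d/transport/30_exim4-config_remote_smtp_smarthost"
    tmpl="$1/exim4.conf.template"
    if [ "$(active_source "$1")" = split ]
    then live=$split; dead=$tmpl
    else live=$tmpl; dead=$split
    fi
    if has_smtps "$live"; then echo active
    elif has_smtps "$dead"; then echo ignored
    else echo missing
    fi
}

# make_sample DIR WHERE: constructed tree with split config switched off and
# the option written to WHERE ("split" or "template").
make_sample() {
    mkdir -p "$1/conf.d/transport"
    echo "dc_use_split_config='false'" > "$1/update-exim4.conf.conf"
    split="$1/conf.d/transport/30_exim4-config_remote_smtp_smarthost"
    tmpl="$1/exim4.conf.template"
    printf 'remote_smtp_smarthost:\n  driver = smtp\n' | tee "$split" > "$tmpl"
    if [ "$2" = split ]; then f=$split; else f=$tmpl; fi
    printf '  port = 465\n  protocol = smtps\n' >> "$f"
}

tmp=$(mktemp -d)
make_sample "$tmp/before" split;    echo "before: $(smtps_status "$tmp/before")"
make_sample "$tmp/after"  template; echo "after:  $(smtps_status "$tmp/after")"
```

On a real system, call smtps_status /etc/exim4, rerun update-exim4.conf after any change, and confirm the result with exim4 -bP transport remote_smtp_smarthost.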



