[Pkg-exim4-users] smtps support in Stretch

Gary Dale garydale at torfree.net
Wed Apr 13 13:51:05 UTC 2016

On 13/04/16 02:07 AM, Marc Haber wrote:
> On Tue, Apr 12, 2016 at 05:44:15PM -0400, Gary Dale wrote:
>> On 12/04/16 04:25 PM, Marc Haber wrote:
>>> On Tue, Apr 12, 2016 at 04:05:59PM -0400, Gary Dale wrote:
>>>> Don't have any logs of it working. The oldest one still around just
>>>> shows frozen messages. I mainly use this for some system messages, not
>>>> daily use. However I can send messages through the same remote server
>>>> using Icedove.
>>> Try exim -qf to force delivery and show more logs. Recommended reading
>>> also spec.txt, the chapter titled "how exim delivers mail", and/or
>>> README.Debian.gz, Chapter 2.2.1, titled "Exim 4 as TLS/SSL client",
>>> saying "TLS on connect is not natively supported." As long as upstream
>>> doesn't change this, the Debian package is unlikely to change as well.
>> Remembered I had a Jessie server running exim4. While it's got a lot of
>> frozen messages in the queue, it seems to be working so I looked at the
>> differences and modified update-exim4.conf.conf to fit.
> Exim 4 has never supported tls-on-connect as a client, upstream-wise.
> This mechanism has never been part of any standard and is not up to
> today. Providers who demand that their customers use this are
> violating internet standards.
Agreed about smtps but apparently the practice is quite common. However
Exim4 does support tls-on-connect according to the docs at exim.org.
Notably at
part 1 tells you how to do it. There is even a tls_on_connect_ports
config option.

>>  There were three differences. Here are the lines after I changed them
>>  and successfully sent a test e-mail:
>> dc_eximconfig_configtype='internet'
>> dc_other_hostnames='transponder.rahim-dale; transponder'
>> dc_local_interfaces='; ::0'
>> I don't think the first line was important
> No, it's totally unimportant. It just chooses the major mode of
> operation of your Exim.
> Did you ready any of the fine docs we prepare in the package?
Yes but they don't really help when you're a non-expert trying to make
something work. I think this goes double for when you are trying to make
something work that is non-standard.

>>  and I'm not sure what the ;
>> ::0 does in the third line. Possibly it's the dc_other_hostnames that
>> did the trick?
> Without showing any useable logs, there is no way to judge that.
> Nothing of your config snippets has anything to do with TLS operation
> as a client.

More information about the Pkg-exim4-users mailing list