Mailing List Archive

Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.
Hi,

Debian 11 here with exim4 4.94.2-7.

On the localhost, the MUA needs a non-encrypted
connection on port 25 to exim.

Exim to remote smarthost is TLS-on-connect with AUTH
PLAIN. The connection was verified with this command.
$ openssl s_client -crlf -connect mail.easthope.ca:465

How should this be configured?

Thx, ... P.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost. [ In reply to ]
On 30/03/2023 20:00, Peter via Exim-users wrote:
> Debian 11 here with exim4 4.94.2-7.

Debian has a configuration wizard. In what respect is
it not offering what you need?
--
Cheers,
Jeremy


Re: Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost. [ In reply to ]
From: Heiko Schlittermann via Exim-users <exim-users@exim.org>
Date: Fri, 31 Mar 2023 16:09:10 +0200
> Try adding
> protocol = smtps
> to your smtp transport.
>
> +---------------------------------------------+
> |protocol|Use: smtp|Type: string|Default: smtp|
> +---------------------------------------------+

I guess somewhere in /etc/exim4/. A rather large hierarchy. 8~/
Someone tell me the location more specifically please.

Found port and protocol here.
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_smtp_transport.html
No reference to /etc/exim4 in the filesystem.

"Note that at least one Linux distribution has been seen failing to put
“smtps” in its “/etc/services” file, resulting in such
deferrals." motivated a look in Debian 11.

This is the only occurrence of "smtps".
submissions 465/tcp ssmtp smtps urd # Submission over TLS
[RFC8314]

Should a line beginning smtps be added? Eg.
smtps 465/tcp ...

Thx, ... P.

Re: Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost. [ In reply to ]
On 31/03/2023 16:36, Peter via Exim-users wrote:
> submissions     465/tcp         ssmtp smtps urd # Submission over TLS [RFC8314]
>
> Should a line beginning smtps be added?  Eg.
> smtps 465/tcp  ...

Not needed. The "smtps" value for the exim smtp transport driver
is a keyword, not a reference looked up in /etc/services.

But I'm still thinking that the Debian configuration wizard for Exim
likely has a question on this, and you shouldn't be needing to
manually find the right place in their resulting set of configuration files.
This is my inference from the presence of that macro's use pointed
out by Evgeniy.
--
Cheers,
Jeremy


Re: Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost. [ In reply to ]
Jeremy & all,

From: Jeremy Harris via Exim-users <exim-users@exim.org>
Date: Sat, 1 Apr 2023 17:15:25 +0100
> Exim has a debug mode.
> ...
> $ exim -d+all -odf person@externaldomsin.com </dev/null 2>&1 | tee
> eximdebug.txt | less
>
> You will see the processing that exim does, and should be able to
> infer at what point it diverges from your needs.

Thanks. I should have tried debug before asking. Alerted me to add
lines in /etc/email-addresses.

Still the debug run appears to stop before completion.
?

Thanks for the help, ... P.

================================
root@dalton:/home/root# tail -n 16 eximdebug.txt
19:40:02 9597 closed hints database and lockfile
19:40:02 9597 no host retry record
19:40:02 9597 no message retry record
19:40:02 9597 easthope.ca [158.69.159.172]:465 retry-status = usable
19:40:02 9597 158.69.159.172 in serialize_hosts? no (option unset)
19:40:02 9597 delivering 1pjt45-0002Uk-Jt to easthope.ca
[158.69.159.172] (peter@easthope.ca)
19:40:02 9597 set_process_info: 9597 delivering 1pjt45-0002Uk-Jt to
easthope.ca [158.69.159.172]:465 (peter@easthope.ca)
19:40:02 9597 158.69.159.172 in hosts_require_dane? no (option unset)
19:40:02 9597 Transport port=25 replaced by host-specific port=465
19:40:02 9597 158.69.159.172 in hosts_pipe_connect? no (option unset)
19:40:02 9597 Connecting to easthope.ca [158.69.159.172]:465 ...
158.69.159.172 in hosts_try_fastopen? yes (matched "*")
19:40:02 9597 TFO mode sendto, no data: EINPROGRESS
19:40:02 9597 connected
19:40:02 9597 ┌considering: $primary_hostname
19:40:02 9597 ├──expanding: $primary_hostname
19:40:02 9597 └─────result: dalton.invalid
root@dalton:/home/root#
================================

Re: Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost. [ In reply to ]
From: Jeremy Harris via Exim-users <exim-users@exim.org>
Date: Sat, 1 Apr 2023 17:15:25 +0100
> Exim has a debug mode.
> ...
> You will see the processing that exim does, and should be able to
> infer at what point it diverges from your needs.

Thanks. I should have tried debug before asking.

Debug alerted me to add lines in /etc/email-addresses.

Appears this debug run is incomplete but I don't recognize a clue.

root@dalton:~# tail -n 16 eximdebug.txt
19:40:02 9597 closed hints database and lockfile
19:40:02 9597 no host retry record
19:40:02 9597 no message retry record
19:40:02 9597 easthope.ca [158.69.159.172]:465 retry-status = usable
19:40:02 9597 158.69.159.172 in serialize_hosts? no (option unset)
19:40:02 9597 delivering 1pjt45-0002Uk-Jt to easthope.ca
[158.69.159.172] (peter@easthope.ca)
19:40:02 9597 set_process_info: 9597 delivering 1pjt45-0002Uk-Jt to
easthope.ca [158.69.159.172]:465 (peter@easthope.ca)
19:40:02 9597 158.69.159.172 in hosts_require_dane? no (option unset)
19:40:02 9597 Transport port=25 replaced by host-specific port=465
19:40:02 9597 158.69.159.172 in hosts_pipe_connect? no (option unset)
19:40:02 9597 Connecting to easthope.ca [158.69.159.172]:465 ...
158.69.159.172 in hosts_try_fastopen? yes (matched "*")
19:40:02 9597 TFO mode sendto, no data: EINPROGRESS
19:40:02 9597 connected
19:40:02 9597 ┌considering: $primary_hostname
19:40:02 9597 ├──expanding: $primary_hostname
19:40:02 9597 └─────result: dalton.invalid
root@dalton:~#

Ref.
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-security_considerations.html

"FIXED_NEVER_USERS can be set to a colon-separated list of users that
are never to be used for any deliveries. This is like the never_users
runtime option, but it cannot be overridden; the runtime option adds
additional users to the list. The default setting is “root”; this
prevents a non-root user who is permitted to modify the runtime file
from using Exim as a way to get root."

Meaning that root is not allowed to send email? If so, the "problem"
is simply me attempting something prohibited; but prohibiting the
administrator from sending email seems unrealistic. What is the
reality?

Thx, ... P.

Re: Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost. [ In reply to ]
On 06/04/2023 17:28, Peter via Exim-users wrote:
> What is the reality?

"Delivery" meaning the specific phase of a message going outward from
exim, as opposed to being accepted by exim.
--
Cheers,
Jeremy


Re: Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost. [ In reply to ]
On 05/04/2023 17:49, Peter via Exim-users wrote:
> 19:40:02  9597  TFO mode sendto, no data: EINPROGRESS
> 19:40:02  9597  connected
> 19:40:02  9597  ┌considering: $primary_hostname
> 19:40:02  9597  ├──expanding: $primary_hostname
> 19:40:02  9597  └─────result: dalton.invalid

Something tells me you didn't wait long enough
(which could be, like, ten minutes if it's this
end exim timing out waiting for the target system
to speak).
--
Cheers,
Jeremy


Re: Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost. [ In reply to ]
On Thu, 30 Mar 2023, Peter via Exim-users wrote:

> Hi,
>
> Debian 11 here with exim4 4.94.2-7.
>
> On the localhost, the MUA needs a non-encrypted
> connection on port 25 to exim.
>
> Exim to remote smarthost is TLS-on-connect with AUTH
> PLAIN. The connection was verified with this command.
> $ openssl s_client -crlf -connect mail.easthope.ca:465
>
> How should this be configured?

Ah. I have finally got my head around what you are attempting to do.

If you need exim to send mail to port 465 on the "smarthost" you
cannot just tell it to send the mail ... that would go to port 25
(and use starttls). You need exim to pretend to be an MUA/MSA.

I'm not sure anyone else in the discussion has taken in that point, so
I'm sending this now, while I read the spec and consider how it might
be done, though my first thought is that you need a transport especially
for this host with options to force the connection to port 465 and
tls-on-connect.

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

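What Heiko's "protocol = smtps" hint and Andrew's "transport especially for this host" suggestion amount to, written out as one added example. This is not configuration from the thread, from Exim's documentation or from Debian's exim4 package; it is a hand-written single-file fragment in Exim's own syntax. Assumed names: the router `smarthost_465`, the transport `remote_smtp_smarthost_465`, the authenticator `plain_client_465`, and a credentials file `/etc/exim4/passwd.client` holding one line `mail.easthope.ca:USERNAME:PASSWORD` (readable only by root and the Debian-exim group). On Debian's split layout the four sections go into `conf.d/main`, `conf.d/router`, `conf.d/transport` and `conf.d/auth` respectively without the `begin` lines, which `update-exim4.conf` generates itself.

```exim
# Added example, not from the thread or from the exim4 package.
# Main section: the local MUA speaks plain SMTP to loopback on port 25 only.
# Nothing crosses the wire here, so STARTTLS is not needed on this leg.
domainlist local_domains = @ : localhost
local_interfaces = 127.0.0.1 : ::1
daemon_smtp_ports = 25

begin routers

# Anything not for a local domain goes to the smarthost. "byname" skips the
# MX lookup; "defer" (not "decline") on a failed lookup keeps mail queued
# instead of bouncing it when DNS is briefly unavailable.
smarthost_465:
  driver = manualroute
  domains = ! +local_domains
  transport = remote_smtp_smarthost_465
  route_list = * mail.easthope.ca byname
  host_find_failed = defer
  same_domain_copy_routing = yes
  no_more

begin transports

remote_smtp_smarthost_465:
  driver = smtp
  # TLS-on-connect. "smtps" is a keyword understood by the driver; it is
  # not looked up in /etc/services, so the missing entry there is harmless.
  protocol = smtps
  port = 465
  # Fail the delivery (defer) rather than fall back to cleartext or to an
  # unauthenticated session if either TLS or AUTH cannot be established.
  hosts_require_tls = *
  hosts_require_auth = *
  # Verify the server certificate against the system CA store and check
  # that it matches the host we connected to; send SNI for the same name.
  tls_verify_certificates = system
  tls_verify_hosts = *
  tls_sni = $host

begin authenticators

# Client side of AUTH PLAIN: "^" is Exim's notation for the NUL separators of
# the PLAIN message (empty authorization id, then username, then password).
# The credentials file is keyed on the smarthost name, so $host selects the
# right line; field 1 is the user, field 2 the password (the password must
# therefore not itself contain a colon). client_condition is a second guard
# so the secret is never sent unless the session is already encrypted.
plain_client_465:
  driver = plaintext
  public_name = PLAIN
  client_condition = ${if !eq{$tls_out_cipher}{}}
  client_send = ^${extract{1}{:}{${lookup{$host}lsearch{/etc/exim4/passwd.client}}}}^${extract{2}{:}{${lookup{$host}lsearch{/etc/exim4/passwd.client}}}}
```

After editing, run `update-exim4.conf` (Debian) and restart Exim, since a running daemon does not re-read its configuration. `exim -bP transport remote_smtp_smarthost_465` should then print `protocol = smtps` and `port = 465` from the loaded configuration; if it does not, the edit landed in a file the generated configuration does not include. The `openssl s_client -connect mail.easthope.ca:465` command from the first message confirms the server side independently, and a debug run as Jeremy describes (`exim -d+all -odf ...`) should show the TLS client handshake shortly after the "connected" line rather than stalling there.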
Re: Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost. [ In reply to ]
On 06/04/2023 19:53, Jeremy Harris via Exim-users wrote:
> On 05/04/2023 17:49, Peter via Exim-users wrote:
>> 19:40:02  9597  TFO mode sendto, no data: EINPROGRESS
>> 19:40:02  9597  connected
>> 19:40:02  9597  ┌considering: $primary_hostname
>> 19:40:02  9597  ├──expanding: $primary_hostname
>> 19:40:02  9597  └─────result: dalton.invalid
>
> Something tells me you didn't wait long enough
> (which could be, like, ten minutes if it's this
> end exim timing out waiting for the target system
> to speak).

Actually, I'm not convinced that your transport
actually has "protocol = smtps". The TLS client-side
startup should be visible pretty soon after that "sendto"
(which initiates the TCP connection).

If you look backward in that file there should be a line
like "remote delivery to jgh@test.ex with transport=send_to_server1" -
take that transport name off the end and check it's
the transport in your config
that you are expecting. Then do
# exim -bP transport <the_transport_name>
to dump the actual config (at least, from a freshly loaded
config... you *did* restart exim after any config edits?)
--
Cheers,
Jeremy

