Mailing List Archive

Re (2): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.
From: Jeremy Harris via Exim-users <exim-users@exim.org>
Subject: Re: [exim] Configuring for non-encrypted MUA to localhost.
TLS-on-connect, exim to smarthost.
> Debian has a configuration wizard. In what respect is
> not offering what you need?

MUA to exim is OK.

The configuration appears to impose STARTTLS to the smarthost
while the smarthost is requiring TLS-on-connect.

Consequently exim queues outgoing messages but can not send to
smarthost.

Some details here.
https://lists.debian.org/debian-user/2023/03/msg00958.html

Thx, ... P.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Re (2): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.
Peter via Exim-users <exim-users@exim.org> (Fr 31 Mär 2023 15:40:35 CEST):
> From: Jeremy Harris via Exim-users <exim-users@exim.org>
> Subject: Re: [exim] Configuring for non-encrypted MUA to localhost.
> TLS-on-connect, exim to smarthost.
> > Debian has a configuration wizard. In what respect is
> > not offering what you need?
>
> MUA to exim is OK.
>
> The configuration appears to impose STARTTLS to the smarthost
> while the smarthost is requiring TLS-on-connect.

> Consequently exim queues outgoing messages but can not send to
> smarthost.

Try adding
protocol = smtps
to your smtp transport.

+---------------------------------------------+
|protocol|Use: smtp|Type: string|Default: smtp|
+---------------------------------------------+

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
Re: Re (2): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.
On Fri, Mar 31, 2023 at 04:09:10PM +0200, Heiko Schlittermann via Exim-users wrote:
> Peter via Exim-users <exim-users@exim.org> (Fr 31 Mär 2023 15:40:35 CEST):
> > From: Jeremy Harris via Exim-users <exim-users@exim.org>
> > Subject: Re: [exim] Configuring for non-encrypted MUA to localhost.
> > TLS-on-connect, exim to smarthost.
> > > Debian has a configuration wizard. In what respect is
> > > not offering what you need?
[...]
> Try adding
> protocol = smtps
> to your smtp transport.

From Debian /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost:

remote_smtp_smarthost:
[...]
.ifdef REMOTE_SMTP_SMARTHOST_PROTOCOL
protocol = REMOTE_SMTP_SMARTHOST_PROTOCOL
.endif

So, this task may be solved by adding REMOTE_SMTP_SMARTHOST_PROTOCOL=smtps
to default configuration.
--
Eugene Berdnikov

Re: Re (2): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.
On 31/03/2023 16:15, Evgeniy Berdnikov via Exim-users wrote:
> .ifdef REMOTE_SMTP_SMARTHOST_PROTOCOL
> protocol = REMOTE_SMTP_SMARTHOST_PROTOCOL
> .endif

Doesn't that imply the wizard has a question that sets that?

--
Cheers,
Jeremy


Re: Re (2): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.
On 31 March 2023 15:22:43 UTC, user Jeremy Harris via Exim-users <exim-users@exim.org> wrote:
>On 31/03/2023 16:15, Evgeniy Berdnikov via Exim-users wrote:
>> .ifdef REMOTE_SMTP_SMARTHOST_PROTOCOL
>> protocol = REMOTE_SMTP_SMARTHOST_PROTOCOL
>> .endif
>
>Doesn't that imply the wizard has a question that sets that?

No, one has to set it up manually, and it is not part of stable
nor older releases, only in testing or stable backports yet.

regards


--
Slavko
https://www.slavino.sk/

Re: Re (2): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.
On Fri, Mar 31, 2023 at 04:22:43PM +0100, Jeremy Harris via Exim-users wrote:
> On 31/03/2023 16:15, Evgeniy Berdnikov via Exim-users wrote:
> > .ifdef REMOTE_SMTP_SMARTHOST_PROTOCOL
> > protocol = REMOTE_SMTP_SMARTHOST_PROTOCOL
> > .endif
>
> Doesn't that imply the wizard has a question that sets that?

AFAIR, it has not. There are a lot of macros used in the Debian config;
I'm pretty sure that only a small part of them is covered by the wizard.
--
Eugene Berdnikov

Re: Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.
On Fri, Mar 31, 2023 at 07:18:21PM +0300, Evgeniy Berdnikov via Exim-users wrote:

> AFAIR, it has not. There are lot of macros used in Debian config,
> I'm pretty sure that only small part of them is covered by wizard.

IIRC (I have not used the debian style configuration for a long time),
the macros handled by debconf have a specific prefix, like maybe "DC_"
(but not at all sure about spelling). Marc, where are you?

--
Ian

Re (2): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.
Ian & all,

From: Ian Z via Exim-users <exim-users@exim.org>
Date: Fri, 31 Mar 2023 21:35:28 -0700
> IIRC (I have not used the debian style configuration for a long time),
> the macros handled by debconf have a specific prefix, like maybe "DC_"
> (but not at all sure about spelling). Marc, where are you?

You have a good memory Ian. Without studying relevant sources I'm
reasonably sure the file catenated here is produced by Debian command
"dpkg-reconfigure exim4-config".

$ cat /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# ...
# This is a Debian specific file

dc_eximconfig_configtype='smarthost'
dc_other_hostnames=''
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost='imager.invalid'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='mail.easthope.ca::465'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
$

I'd rather the heading comments include the file name and a brief
explanation of the origin of the file but I'm not the package
maintainer.

Also to my understanding, execution of update-exim4.conf reads the
above update-exim4.conf.conf and produces
/var/lib/exim4/config.autogenerated.

$ ls -ld /var/lib/exim4/config.autogenerated
-rw-r--r-- 1 root Debian-exim 26696 Apr 1 04:51
/var/lib/exim4/config.autogenerated

Given the size of config.autogenerated, it isn't simply equivalent to
update-exim4.conf.conf; extensive other information is incorporated.

The introduction of /usr/share/doc/exim4/README.Debian has the lofty
claim, "... you have found the README.Debian file. ... It is full of
important information and has been written with the questions in mind
that keep popping up on the mailing lists." Hmm; even the simple
explanation outlined above is absent. Most novices aiming for any
non-trivial configuration of exim will be well baffled. =8~/

This appears exactly appropriate to the smarthost for this system.

$ head -n 25 config.autogenerated | tail -n 4
MAIN_TLS_ENABLE = 1
REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = *
TLS_ON_CONNECT_PORTS = 465
REQUIRE_PROTOCOL = smtps
$

Nevertheless, the connection fails. Any tip about diagnosis may help.

Thx, ... P.
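As an added example (not code from the thread, from Debian's exim4 package or from the Exim project), the following Python check reads the two files discussed above: it parses `dc_smarthost` from `update-exim4.conf.conf` (the `host::port` form shown in the listing) and then looks for the `REMOTE_SMTP_SMARTHOST_PROTOCOL` macro, the name that the Debian transport file quoted earlier in the thread tests with `.ifdef`. A port-465 smarthost with no such macro is reported as a mismatch, because exim's `protocol` option then keeps its default of `smtp` (STARTTLS). The sample file contents, the `;` separator for multiple hosts, the macro-file path named in the comments and all function names are assumptions made for the example.

```python
import re

# Constructed sample of /etc/exim4/update-exim4.conf.conf; values mirror the thread.
SAMPLE_CONF = """\
dc_eximconfig_configtype='smarthost'
dc_smarthost='mail.easthope.ca::465'
dc_use_split_config='false'
"""

# Constructed samples of a local macro file (e.g. /etc/exim4/exim4.conf.localmacros;
# the path is an assumption, the check only takes the text).
SAMPLE_MACROS_MISSING = "MAIN_TLS_ENABLE = 1\nTLS_ON_CONNECT_PORTS = 465\n"
SAMPLE_MACROS_OK = SAMPLE_MACROS_MISSING + "REMOTE_SMTP_SMARTHOST_PROTOCOL = smtps\n"

# Ports that expect TLS-on-connect (protocol=smtps) rather than STARTTLS (protocol=smtp).
IMPLICIT_TLS_PORTS = {465}
MACRO = "REMOTE_SMTP_SMARTHOST_PROTOCOL"  # name the Debian transport file tests with .ifdef


def parse_dc_value(conf_text, key):
    """Return the value of a dc_key='...' line, or None if absent."""
    m = re.search(r"^%s='([^']*)'" % re.escape(key), conf_text, re.M)
    return m.group(1) if m else None


def parse_smarthost(value):
    """Split dc_smarthost into (host, port) pairs.

    Entries are assumed ';'-separated; 'host::port' selects a port, otherwise 25.
    Host names and IPv4 literals only: IPv6 literals double their colons in exim
    host lists and are not handled here.
    """
    pairs = []
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        host, sep, port = item.partition("::")
        pairs.append((host, int(port) if sep else 25))
    return pairs


def parse_macro(macros_text, name):
    """Return the value of 'NAME = value' in an exim macro file, or None."""
    m = re.search(r"^[ \t]*%s[ \t]*=[ \t]*(\S+)" % re.escape(name), macros_text, re.M)
    return m.group(1) if m else None


def smarthost_protocol_check(conf_text, macros_text):
    """One finding per smarthost: does the port agree with the protocol macro?"""
    findings = []
    configured = parse_macro(macros_text, MACRO) or "smtp"   # exim's default protocol
    for host, port in parse_smarthost(parse_dc_value(conf_text, "dc_smarthost") or ""):
        expected = "smtps" if port in IMPLICIT_TLS_PORTS else "smtp"
        if expected == configured:
            findings.append(f"{host}:{port} OK (protocol={configured})")
        elif expected == "smtps":
            findings.append(f"{host}:{port} MISMATCH: port {port} is TLS-on-connect but "
                            f"protocol={configured}; set {MACRO}=smtps in the macro file")
        else:
            findings.append(f"{host}:{port} MISMATCH: protocol=smtps would open TLS on a "
                            f"STARTTLS port; set {MACRO}=smtp or use port 465")
    return findings


if __name__ == "__main__":
    for text in (SAMPLE_MACROS_MISSING, SAMPLE_MACROS_OK):
        print("\n".join(smarthost_protocol_check(SAMPLE_CONF, text)))
```

Run against the real files by reading them into `conf_text` and `macros_text`; the check deliberately ignores other `*_PROTOCOL` macros, since only the name referenced by the transport's `.ifdef` changes what the smarthost transport does.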

Re: Re (2): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.
On 01/04/2023 16:22, Peter via Exim-users wrote:
> Nevertheless, the connection fails.  Any tip about diagnosis may help.

Exim has a debug mode. Most commonly triggered from a commandline option.
It is documented in the Exim docs, and possibly (I've not checked
a Debian system) the manpage for exim.

Attempt a test connection using a commandline message send, along the lines
of

$ exim -d+all -odf person@externaldomain.com </dev/null 2>&1 | tee eximdebug.txt | less

You will see the processing that exim does, and should be able to
infer at what point it diverges from your needs.
--
Cheers,
Jeremy


Re: Re (2): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.
On 2023-03-31, Jeremy Harris via Exim-users <exim-users@exim.org> wrote:
> On 31/03/2023 16:15, Evgeniy Berdnikov via Exim-users wrote:
>> .ifdef REMOTE_SMTP_SMARTHOST_PROTOCOL
>> protocol = REMOTE_SMTP_SMARTHOST_PROTOCOL
>> .endif
>
> Doesn't that imply the wizard has a question that sets that?

The macros defined by the wizard are mostly prefixed with DC_

According to the Debian docs it seems that this one needs to be
defined manually.

--
Jasen.

Re (2): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.
Andrew, thanks for replying.

From: Andrew C Aitchison <exim@aitchison.me.uk>
Date: Thu, 6 Apr 2023 22:53:30 +0100 (BST)
> Ah. I have finally got my head around what you are attempting to do.

If not told otherwise, I'd have thought the stated objective is
trivial. Relay a message. TLS not required within localhost. TLS
required between localhost and smarthost. What could be simpler?
Dropping TLS is bad practice in contemporary conditions.

> If you need exim to send mail to port 465 on the "smarthost" you
> cannot just tell it to send the mail ... that would go to port 25 ...

$ grep 465 /etc/exim4/update-exim4.conf.conf
dc_smarthost='mail.easthope.ca::465'

25 ≠ 465

> (and use starttls).

Opportunistic TLS (or STARTTLS) versus Implicit TLS (or TLS-on-connect)
has a history of confusion. =8~/
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#cite_ref-tcp465_86-0
Even the use of multiple synonymous terms confuses novices.

Opportunistic TLS provides vulnerability.
https://en.wikipedia.org/wiki/Opportunistic_TLS#Weaknesses_and_mitigations

Phasing out of vulnerability and facilitation of security are good
practices. =8~)

Appears the log I have now is complete; the last line has "terminating
with rc=0". Rather than clutter the mailing list with mostly
insignificant data I put it here. http://easthope.ca/eximdebug.txt
If wanted in the mailing list, let me know.

> You need exim to pretend to be an MUA/MSA.

? A good MUA/MSA is here already. It works when exim communicates to
smarthost port 587, STARTTLS. My objective is a MTA described in
first lines above.

> ... I'm sending this now, while I reread the spec and consider how it
> might be done, ...

Thanks.

> ... my first thought is that you need a transport especially for
> this host ...

With very limited knowledge, creation of a transport is a formidable
challenge. =8~/

> ... with options to force the connection to port 465 and
> tls-on-connect.

Yes for exim to smarthost. MUA/MSA to exim is unencrypted, port 25.

Thanks, ... P.

Re: Re (2): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.
On 08/04/2023 19:16, Peter via Exim-users wrote:
> Appears the log I have now is complete; the last line has "terminating
> with rc=0".  Rather than clutter the mailing list with mostly
> insignificant data I put it here. http://easthope.ca/eximdebug.txt

Somewhere along the way the UTF-8 in that got mangled...

But here:

19:37:10 5273 ** peter@easthope.ca R=smarthost T=remote_smtp_smarthost: all hosts for 'easthope.ca' have been failing for a long time (and retry time not reached)

"retry time not reached" is the relevant bit. Exim is holding off for a bit
from trying to connect to a host it has recorded as failing.
It'll try again eventually (assuming you have periodic queue runs) -
or you could just wipe the hints database.


(and that line was being sent to your main log, as well as debug output)
--
Cheers,
Jeremy
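As an added example (not code from the thread or from the Exim project), a small parser for exim main-log address lines that picks out exactly the condition Jeremy identifies: deliveries skipped because the retry hints database says "retry time not reached". The point for anyone debugging a transport change is that while such a hint is in force the test send never reaches the smarthost, so the run exercises none of the TLS settings and cannot confirm or refute them. The first constructed line below is the one quoted above; the other lines, the addresses and the function names are made up for the example in the same log format.

```python
import re

# Constructed exim main-log sample: the '**' line is the one quoted above, the
# others are made up in the same format (a receipt, a defer, a delivery).
SAMPLE_LOG = """\
19:37:09 5273 <= peter@easthope.ca U=peter P=local S=412
19:37:10 5273 ** peter@easthope.ca R=smarthost T=remote_smtp_smarthost: all hosts for 'easthope.ca' have been failing for a long time (and retry time not reached)
19:40:02 5301 == bob@example.invalid R=smarthost T=remote_smtp_smarthost defer (-53): retry time not reached for any host
19:41:00 5310 => alice@example.invalid R=smarthost T=remote_smtp_smarthost H=mail.example.invalid [192.0.2.10] C="250 OK"
"""

# time, process id, two-character flag, address, remainder of the line
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) (?P<pid>\d+) (?P<flag><=|=>|==|\*\*) (?P<addr>\S+)(?P<rest>.*)$"
)
FLAGS = {"<=": "received", "=>": "delivered", "==": "deferred", "**": "failed"}
RETRY_HINT = "retry time not reached"


def parse_log_line(line):
    """Parse one main-log address line into a dict, or None for other line kinds."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    rest = d.pop("rest")
    d["event"] = FLAGS[d["flag"]]
    r = re.search(r"\bR=(\S+)", rest)          # router name, if any
    t = re.search(r"\bT=([^\s:]+)", rest)      # transport name, trailing ':' excluded
    d["router"] = r.group(1) if r else None
    d["transport"] = t.group(1) if t else None
    d["retry_hint"] = RETRY_HINT in rest        # held back by the retry database
    return d


def retry_blocked(lines):
    """Addresses whose delivery attempt was skipped because of a retry hint, in log order."""
    out = []
    for line in lines:
        d = parse_log_line(line)
        if d and d["retry_hint"]:
            out.append(d["addr"])
    return out


if __name__ == "__main__":
    for addr in retry_blocked(SAMPLE_LOG.splitlines()):
        print("held by retry hint:", addr)
```

When the list is non-empty, the retry records themselves can be inspected with `exim_dumpdb <spool-directory> retry` (on Debian the spool directory is /var/spool/exim4) before deciding whether to wait for the next queue run or, as Jeremy suggests, clear the hints database and retest.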

