Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
configuring exim4 smtp to use SSL
1,497 views
Skip to first unread message
Gary Dale
Mar 13, 2015, 1:20:04 PM3/13/15
to
I'm running a Wheezy/64 server and am trying to get exim4 to send e-mail
using an SSL connection. My current configuration works when I use their
normal smtp port (which is 26, not 25) but fails when I use their
smtp/SSL port (465).
However Thunderbird is able to send e-mail from workstations to the same
server using port 465 and have SSL/TLS identified as the connection
security.
My update-exim4.conf.conf file is (replacing <remote host name> with the
actual name). If dc_smarthost has the port set to 26, mail gets sent.
However with it set to 465, it stays in the mailq.
dc_eximconfig_configtype='smarthost'
dc_other_hostnames=''
dc_local_interfaces='127.0.0.1'
dc_readhost='<remote host name>'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='<remote host name>:465'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='false'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
Any ideas?
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: https://lists.debian.org/55031B00...@torfree.net
using an SSL connection. My current configuration works when I use their
normal smtp port (which is 26, not 25) but fails when I use their
smtp/SSL port (465).
However Thunderbird is able to send e-mail from workstations to the same
server using port 465 and have SSL/TLS identified as the connection
security.
My update-exim4.conf.conf file is (replacing <remote host name> with the
actual name). If dc_smarthost has the port set to 26, mail gets sent.
However with it set to 465, it stays in the mailq.
dc_eximconfig_configtype='smarthost'
dc_other_hostnames=''
dc_local_interfaces='127.0.0.1'
dc_readhost='<remote host name>'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='<remote host name>:465'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='false'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
Any ideas?
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: https://lists.debian.org/55031B00...@torfree.net
David Wright
Mar 13, 2015, 1:30:03 PM3/13/15
to
Quoting Gary Dale (gary...@torfree.net):
> I'm running a Wheezy/64 server and am trying to get exim4 to send
> e-mail using an SSL connection. My current configuration works when
> I use their normal smtp port (which is 26, not 25) but fails when I
> use their smtp/SSL port (465).
>
> However Thunderbird is able to send e-mail from workstations to the
> same server using port 465 and have SSL/TLS identified as the
> connection security.
>
> My update-exim4.conf.conf file is (replacing <remote host name> with
> the actual name). If dc_smarthost has the port set to 26, mail gets
> sent. However with it set to 465, it stays in the mailq.
>
> dc_eximconfig_configtype='smarthost'
> dc_other_hostnames=''
> dc_local_interfaces='127.0.0.1'
> dc_readhost='<remote host name>'
> dc_relay_domains=''
> dc_minimaldns='false'
> dc_relay_nets=''
> dc_smarthost='<remote host name>:465'
Two colons please, not one.
> I'm running a Wheezy/64 server and am trying to get exim4 to send
> e-mail using an SSL connection. My current configuration works when
> I use their normal smtp port (which is 26, not 25) but fails when I
> use their smtp/SSL port (465).
>
> However Thunderbird is able to send e-mail from workstations to the
> same server using port 465 and have SSL/TLS identified as the
> connection security.
>
> My update-exim4.conf.conf file is (replacing <remote host name> with
> the actual name). If dc_smarthost has the port set to 26, mail gets
> sent. However with it set to 465, it stays in the mailq.
>
> dc_eximconfig_configtype='smarthost'
> dc_other_hostnames=''
> dc_local_interfaces='127.0.0.1'
> dc_readhost='<remote host name>'
> dc_relay_domains=''
> dc_minimaldns='false'
> dc_relay_nets=''
> dc_smarthost='<remote host name>:465'
> CFILEMODE='644'
> dc_use_split_config='false'
> dc_hide_mailname='false'
> dc_mailname_in_oh='true'
> dc_localdelivery='mail_spool'
David.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Eduardo M KALINOWSKI
Mar 13, 2015, 1:30:04 PM3/13/15
to
On Sex, 13 Mar 2015, Gary Dale wrote:
> My update-exim4.conf.conf file is (replacing <remote host name> with
> the actual name). If dc_smarthost has the port set to 26, mail gets
> sent. However with it set to 465, it stays in the mailq.
>
> dc_eximconfig_configtype='smarthost'
> dc_other_hostnames=''
> dc_local_interfaces='127.0.0.1'
> dc_readhost='<remote host name>'
> dc_relay_domains=''
> dc_minimaldns='false'
> dc_relay_nets=''
> dc_smarthost='<remote host name>:465'
> CFILEMODE='644'
> dc_use_split_config='false'
> dc_hide_mailname='false'
> dc_mailname_in_oh='true'
> dc_localdelivery='mail_spool'
>
> Any ideas?
What do the logs say?
> My update-exim4.conf.conf file is (replacing <remote host name> with
> the actual name). If dc_smarthost has the port set to 26, mail gets
> sent. However with it set to 465, it stays in the mailq.
>
> dc_eximconfig_configtype='smarthost'
> dc_other_hostnames=''
> dc_local_interfaces='127.0.0.1'
> dc_readhost='<remote host name>'
> dc_relay_domains=''
> dc_minimaldns='false'
> dc_relay_nets=''
> dc_smarthost='<remote host name>:465'
> CFILEMODE='644'
> dc_use_split_config='false'
> dc_hide_mailname='false'
> dc_mailname_in_oh='true'
> dc_localdelivery='mail_spool'
>
> Any ideas?
Also, port 465 is SSL on connect, you probably need to tell exim that.
(Or convince the remote server administrators do move to STARTTLS on
port 587.)
--
Eduardo M KALINOWSKI
edu...@kalinowski.com.br
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Gary Dale
Mar 14, 2015, 12:30:04 AM3/14/15
to
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Gary Dale
Mar 14, 2015, 1:10:03 AM3/14/15
to
On 13/03/15 01:19 PM, Eduardo M KALINOWSKI wrote:
> On Sex, 13 Mar 2015, Gary Dale wrote:
>> My update-exim4.conf.conf file is (replacing <remote host name> with
>> the actual name). If dc_smarthost has the port set to 26, mail gets
>> sent. However with it set to 465, it stays in the mailq.
>>
>> dc_eximconfig_configtype='smarthost'
>> dc_other_hostnames=''
>> dc_local_interfaces='127.0.0.1'
>> dc_readhost='<remote host name>'
>> dc_relay_domains=''
>> dc_minimaldns='false'
>> dc_relay_nets=''
>> dc_smarthost='<remote host name>:465'
>> CFILEMODE='644'
>> dc_use_split_config='false'
>> dc_hide_mailname='false'
>> dc_mailname_in_oh='true'
>> dc_localdelivery='mail_spool'
>>
>> Any ideas?
>
> What do the logs say?
>
> Also, port 465 is SSL on connect, you probably need to tell exim that.
> (Or convince the remote server administrators do move to STARTTLS on
> port 587.)
I did add tls_on_connect_ports = 465 to exim4.conf.localmacros, which is
> On Sex, 13 Mar 2015, Gary Dale wrote:
>> My update-exim4.conf.conf file is (replacing <remote host name> with
>> the actual name). If dc_smarthost has the port set to 26, mail gets
>> sent. However with it set to 465, it stays in the mailq.
>>
>> dc_eximconfig_configtype='smarthost'
>> dc_other_hostnames=''
>> dc_local_interfaces='127.0.0.1'
>> dc_readhost='<remote host name>'
>> dc_relay_domains=''
>> dc_minimaldns='false'
>> dc_relay_nets=''
>> dc_smarthost='<remote host name>:465'
>> CFILEMODE='644'
>> dc_use_split_config='false'
>> dc_hide_mailname='false'
>> dc_mailname_in_oh='true'
>> dc_localdelivery='mail_spool'
>>
>> Any ideas?
>
> What do the logs say?
>
> Also, port 465 is SSL on connect, you probably need to tell exim that.
> (Or convince the remote server administrators do move to STARTTLS on
> port 587.)
supposed to cover the SSL on connect issue.
The log for an unsuccessful mail says:
2015-03-14 00:47:44 1YWdzE-0000l6-CR <= <sending e-mail address>
U=garydale P=local S=1665
2015-03-14 00:47:44 1YWdzE-0000l6-CR ** -r@localhost: Unrouteable address
2015-03-14 00:47:44 1YWdzE-0000l6-CR ** ga...@extremeground.com
R=smarthost T=remote_smtp_smarthost: retry time not reached for any host
after a long failure period
2015-03-14 00:47:44 1YWdzE-0000l6-CR ** <sending e-mail address>
R=smarthost T=remote_smtp_smarthost: retry time not reached for any host
after a long failure period
2015-03-14 00:47:44 1YWdzE-0000lB-Ik <= <> R=1YWdzE-0000l6-CR
U=Debian-exim P=local S=2720
2015-03-14 00:47:44 1YWdzE-0000lB-Ik ** <sending e-mail address>
R=smarthost T=remote_smtp_smarthost: retry time not reached for any host
after a long failure period
2015-03-14 00:47:44 1YWdzE-0000lB-Ik Frozen (delivery error message)
2015-03-14 00:47:44 1YWdzE-0000l6-CR Completed
I use /etc/email-addresses to change garydale to <sending e-mail
address>. Otherwise the e-mail just bounces.
When I change to port 26 and leave everything else the same, the mail
goes through.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Jörg-Volker Peetz
Mar 14, 2015, 9:40:04 AM3/14/15
to
Gary Dale wrote on 03/14/2015 06:00:
<snip>
protocol = smtps
in the "transport/30_exim4-config_remote_smtp_smarthost" section and didn't
change "tls_on_connect_ports". Don't know if this works when adding it in
"exim4.conf.localmacros" (maybe you try that first?). Also, don't forget to add
an appropriate entry in "passwd.client".
--
Regards,
jvp.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: https://lists.debian.org/me1dc8$g3l$1...@ger.gmane.org
<snip>
>
> I did add tls_on_connect_ports = 465 to exim4.conf.localmacros, which is
> supposed to cover the SSL on connect issue.
>
Besides the dc_smarthost addition "::465", I added
> I did add tls_on_connect_ports = 465 to exim4.conf.localmacros, which is
> supposed to cover the SSL on connect issue.
>
protocol = smtps
in the "transport/30_exim4-config_remote_smtp_smarthost" section and didn't
change "tls_on_connect_ports". Don't know if this works when adding it in
"exim4.conf.localmacros" (maybe you try that first?). Also, don't forget to add
an appropriate entry in "passwd.client".
--
Regards,
jvp.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Gary Dale
Mar 14, 2015, 10:40:04 AM3/14/15
to
On 14/03/15 09:34 AM, Jörg-Volker Peetz wrote:
> Gary Dale wrote on 03/14/2015 06:00:
> <snip>
>> I did add tls_on_connect_ports = 465 to exim4.conf.localmacros, which is
>> supposed to cover the SSL on connect issue.
>>
> Besides the dc_smarthost addition "::465", I added
>
> protocol = smtps
>
> in the "transport/30_exim4-config_remote_smtp_smarthost" section and didn't
> change "tls_on_connect_ports". Don't know if this works when adding it in
> "exim4.conf.localmacros" (maybe you try that first?). Also, don't forget to add
> an appropriate entry in "passwd.client".
Adding protocol = smtps worked. It had to be added to the
> Gary Dale wrote on 03/14/2015 06:00:
> <snip>
>> I did add tls_on_connect_ports = 465 to exim4.conf.localmacros, which is
>> supposed to cover the SSL on connect issue.
>>
> Besides the dc_smarthost addition "::465", I added
>
> protocol = smtps
>
> in the "transport/30_exim4-config_remote_smtp_smarthost" section and didn't
> change "tls_on_connect_ports". Don't know if this works when adding it in
> "exim4.conf.localmacros" (maybe you try that first?). Also, don't forget to add
> an appropriate entry in "passwd.client".
transport/30_exim4-config_remote_smtp_smarthost file. Local_macros
wouldn't take it.
Thanks!
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Gary Dale
Mar 14, 2015, 10:50:04 AM3/14/15
to
On 14/03/15 09:34 AM, Jörg-Volker Peetz wrote:
> Gary Dale wrote on 03/14/2015 06:00:
> <snip>
>> I did add tls_on_connect_ports = 465 to exim4.conf.localmacros, which is
>> supposed to cover the SSL on connect issue.
>>
> Besides the dc_smarthost addition "::465", I added
>
> protocol = smtps
>
> in the "transport/30_exim4-config_remote_smtp_smarthost" section and didn't
> change "tls_on_connect_ports". Don't know if this works when adding it in
> "exim4.conf.localmacros" (maybe you try that first?). Also, don't forget to add
> an appropriate entry in "passwd.client".
Ignore previous e-mail. It didn't work. Tried it with and without the
> <snip>
>> I did add tls_on_connect_ports = 465 to exim4.conf.localmacros, which is
>> supposed to cover the SSL on connect issue.
>>
> Besides the dc_smarthost addition "::465", I added
>
> protocol = smtps
>
> in the "transport/30_exim4-config_remote_smtp_smarthost" section and didn't
> change "tls_on_connect_ports". Don't know if this works when adding it in
> "exim4.conf.localmacros" (maybe you try that first?). Also, don't forget to add
> an appropriate entry in "passwd.client".
tls_on_connect_ports line in local_macros.
Also, the entry in passwd.client would be the same as for the
unencrypted connection, unless I'm missing something.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Jörg-Volker Peetz
Mar 14, 2015, 11:10:04 AM3/14/15
to
Gary Dale wrote on 03/14/2015 15:46:
> On 14/03/15 09:34 AM, Jörg-Volker Peetz wrote:
>> Gary Dale wrote on 03/14/2015 06:00:
>> <snip>
>>> I did add tls_on_connect_ports = 465 to exim4.conf.localmacros, which is
>>> supposed to cover the SSL on connect issue.
>>>
>> Besides the dc_smarthost addition "::465", I added
>>
>> protocol = smtps
>>
>> in the "transport/30_exim4-config_remote_smtp_smarthost" section and didn't
>> change "tls_on_connect_ports". Don't know if this works when adding it in
>> "exim4.conf.localmacros" (maybe you try that first?). Also, don't forget to add
>> an appropriate entry in "passwd.client".
> Ignore previous e-mail. It didn't work. Tried it with and without the
> tls_on_connect_ports line in local_macros.
>
As far as I understand the documentation, tls_on_connect_ports regards clients
> On 14/03/15 09:34 AM, Jörg-Volker Peetz wrote:
>> Gary Dale wrote on 03/14/2015 06:00:
>> <snip>
>>> I did add tls_on_connect_ports = 465 to exim4.conf.localmacros, which is
>>> supposed to cover the SSL on connect issue.
>>>
>> Besides the dc_smarthost addition "::465", I added
>>
>> protocol = smtps
>>
>> in the "transport/30_exim4-config_remote_smtp_smarthost" section and didn't
>> change "tls_on_connect_ports". Don't know if this works when adding it in
>> "exim4.conf.localmacros" (maybe you try that first?). Also, don't forget to add
>> an appropriate entry in "passwd.client".
> Ignore previous e-mail. It didn't work. Tried it with and without the
> tls_on_connect_ports line in local_macros.
>
connecting to your exim4 server.
> Also, the entry in passwd.client would be the same as for the unencrypted
> connection, unless I'm missing something.
>
does answer with another server name than the one given in dc_smarthost. I
therefore added a line with the name of the responding server and same username
and password.
--
Regards,
jvp.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
David Wright
Mar 14, 2015, 9:50:05 PM3/14/15
to
Quoting Gary Dale (gary...@torfree.net):
> On 14/03/15 09:34 AM, Jörg-Volker Peetz wrote:
> >Gary Dale wrote on 03/14/2015 06:00:
> ><snip>
> >>I did add tls_on_connect_ports = 465 to exim4.conf.localmacros, which is
> >>supposed to cover the SSL on connect issue.
> >>
> >Besides the dc_smarthost addition "::465", I added
> >
> > protocol = smtps
> >
> >in the "transport/30_exim4-config_remote_smtp_smarthost" section and didn't
> >change "tls_on_connect_ports". Don't know if this works when adding it in
> >"exim4.conf.localmacros" (maybe you try that first?). Also, don't forget to add
> >an appropriate entry in "passwd.client".
> Ignore previous e-mail. It didn't work. Tried it with and without
> the tls_on_connect_ports line in local_macros.
>
> Also, the entry in passwd.client would be the same as for the
> unencrypted connection, unless I'm missing something.
Is it worth telnetting the port to check that it supports what you
> On 14/03/15 09:34 AM, Jörg-Volker Peetz wrote:
> >Gary Dale wrote on 03/14/2015 06:00:
> ><snip>
> >>I did add tls_on_connect_ports = 465 to exim4.conf.localmacros, which is
> >>supposed to cover the SSL on connect issue.
> >>
> >Besides the dc_smarthost addition "::465", I added
> >
> > protocol = smtps
> >
> >in the "transport/30_exim4-config_remote_smtp_smarthost" section and didn't
> >change "tls_on_connect_ports". Don't know if this works when adding it in
> >"exim4.conf.localmacros" (maybe you try that first?). Also, don't forget to add
> >an appropriate entry in "passwd.client".
> Ignore previous e-mail. It didn't work. Tried it with and without
> the tls_on_connect_ports line in local_macros.
>
> Also, the entry in passwd.client would be the same as for the
> unencrypted connection, unless I'm missing something.
think it does. For example, from several years ago:
$ telnet smtp.lionunicorn.co.uk 25 ←←←←←
Trying 149.255.58.10...
Connected to smtp.lionunicorn.co.uk.
Escape character is '^]'.
220 cloud11.unlimitedwebhosting.co.uk ESMTP
ehlo me.here ←←←←←
250-cloud11.unlimitedwebhosting.co.uk
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
^] ←←←←←
telnet> quit ←←←←←
Connection closed.
I typed these lines. ←←←←←
Cheers,
David.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Gary Dale
Mar 14, 2015, 11:10:03 PM3/14/15
to
On 14/03/15 11:08 AM, Jörg-Volker Peetz wrote:
> Gary Dale wrote on 03/14/2015 15:46:
>> On 14/03/15 09:34 AM, Jörg-Volker Peetz wrote:
>>> Gary Dale wrote on 03/14/2015 06:00:
>>> <snip>
>>>> I did add tls_on_connect_ports = 465 to exim4.conf.localmacros, which is
>>>> supposed to cover the SSL on connect issue.
>>>>
>>> Besides the dc_smarthost addition "::465", I added
>>>
>>> protocol = smtps
>>>
>>> in the "transport/30_exim4-config_remote_smtp_smarthost" section and didn't
>>> change "tls_on_connect_ports". Don't know if this works when adding it in
>>> "exim4.conf.localmacros" (maybe you try that first?). Also, don't forget to add
>>> an appropriate entry in "passwd.client".
>> Ignore previous e-mail. It didn't work. Tried it with and without the
>> tls_on_connect_ports line in local_macros.
>>
> As far as I understand the documentation, tls_on_connect_ports regards clients
> connecting to your exim4 server.
Perhaps. I read it as my exim4 client connecting to a poorly-configured
> Gary Dale wrote on 03/14/2015 15:46:
>> On 14/03/15 09:34 AM, Jörg-Volker Peetz wrote:
>>> Gary Dale wrote on 03/14/2015 06:00:
>>> <snip>
>>>> I did add tls_on_connect_ports = 465 to exim4.conf.localmacros, which is
>>>> supposed to cover the SSL on connect issue.
>>>>
>>> Besides the dc_smarthost addition "::465", I added
>>>
>>> protocol = smtps
>>>
>>> in the "transport/30_exim4-config_remote_smtp_smarthost" section and didn't
>>> change "tls_on_connect_ports". Don't know if this works when adding it in
>>> "exim4.conf.localmacros" (maybe you try that first?). Also, don't forget to add
>>> an appropriate entry in "passwd.client".
>> Ignore previous e-mail. It didn't work. Tried it with and without the
>> tls_on_connect_ports line in local_macros.
>>
> As far as I understand the documentation, tls_on_connect_ports regards clients
> connecting to your exim4 server.
remote smarthost.
>
>> Also, the entry in passwd.client would be the same as for the unencrypted
>> connection, unless I'm missing something.
>>
> Take a look into the log file. In my case the server exim4 tries to connect to,
> does answer with another server name than the one given in dc_smarthost. I
> therefore added a line with the name of the responding server and same username
> and password.
I considered that (previous experience with google) and used *.com in
>> Also, the entry in passwd.client would be the same as for the unencrypted
>> connection, unless I'm missing something.
>>
> Take a look into the log file. In my case the server exim4 tries to connect to,
> does answer with another server name than the one given in dc_smarthost. I
> therefore added a line with the name of the responding server and same username
> and password.
the passwd.client line since I just have the one server I'm connecting to.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Gary Dale
Mar 14, 2015, 11:30:03 PM3/14/15
to
port 26, including the ESMTP line, but not when I use port 465. When I
connect to port 465, I get kicked out if I enter the EHLO or a USER
command, etc..
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Jörg-Volker Peetz
Mar 15, 2015, 5:40:06 AM3/15/15
to
Gary Dale wrote on 03/15/2015 04:26:
<snip>
gets immediately kicked out.
What output appears now in the log file? If I remove the "protocol = smtps"
line, something ending in
"... closed connection in response to initial connection"
is logged when trying to deliver a mail.
To make sure, after changing the configuration files of exim4 you issued the
commands
update-exim4.conf
and something like
service exim4 restart
?
--
Regards,
jvp.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: https://lists.debian.org/me3jjt$6no$1...@ger.gmane.org
<snip>
> I can telnet to both 26 and 465. I get three 220 lines when I connect to port
> 26, including the ESMTP line, but not when I use port 465. When I connect to
> port 465, I get kicked out if I enter the EHLO or a USER command, etc..
>
Also on the smtps server my exim4 connects to on port 465, a telnet connection
> 26, including the ESMTP line, but not when I use port 465. When I connect to
> port 465, I get kicked out if I enter the EHLO or a USER command, etc..
>
gets immediately kicked out.
What output appears now in the log file? If I remove the "protocol = smtps"
line, something ending in
"... closed connection in response to initial connection"
is logged when trying to deliver a mail.
To make sure, after changing the configuration files of exim4 you issued the
commands
update-exim4.conf
and something like
service exim4 restart
?
--
Regards,
jvp.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Gary Dale
Mar 15, 2015, 8:10:04 AM3/15/15
to
On 15/03/15 05:32 AM, Jörg-Volker Peetz wrote:
> Gary Dale wrote on 03/15/2015 04:26:
> <snip>
>> I can telnet to both 26 and 465. I get three 220 lines when I connect to port
>> 26, including the ESMTP line, but not when I use port 465. When I connect to
>> port 465, I get kicked out if I enter the EHLO or a USER command, etc..
>>
> Also on the smtps server my exim4 connects to on port 465, a telnet connection
> gets immediately kicked out.
>
> What output appears now in the log file? If I remove the "protocol = smtps"
> line, something ending in
>
> "... closed connection in response to initial connection"
>
> is logged when trying to deliver a mail.
>
> To make sure, after changing the configuration files of exim4 you issued the
> commands
>
> update-exim4.conf
>
> and something like
>
> service exim4 restart
>
> ?
I get the closed connection message on screen when I'm kicked out from
> Gary Dale wrote on 03/15/2015 04:26:
> <snip>
>> I can telnet to both 26 and 465. I get three 220 lines when I connect to port
>> 26, including the ESMTP line, but not when I use port 465. When I connect to
>> port 465, I get kicked out if I enter the EHLO or a USER command, etc..
>>
> Also on the smtps server my exim4 connects to on port 465, a telnet connection
> gets immediately kicked out.
>
> What output appears now in the log file? If I remove the "protocol = smtps"
> line, something ending in
>
> "... closed connection in response to initial connection"
>
> is logged when trying to deliver a mail.
>
> To make sure, after changing the configuration files of exim4 you issued the
> commands
>
> update-exim4.conf
>
> and something like
>
> service exim4 restart
>
> ?
the 465 port. I don't see anything in the logs I've looked at.
And yes, I am doing the update and restart when I change the configuration.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Jörg-Volker Peetz
Mar 15, 2015, 11:10:03 AM3/15/15
to
Forgot to mention that I'm using jessie with exim4 version 4.84-8.
--
Regards,
jvp.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: https://lists.debian.org/me46qp$6ek$1...@ger.gmane.org
--
Regards,
jvp.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
James
Mar 15, 2015, 12:20:05 PM3/15/15
to
Use:
openssl s_client -connect [IP]:smtps
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
David Wright
Mar 16, 2015, 11:50:07 AM3/16/15
to
Quoting James (bjlo...@lockie.ca):
> You can't telnet to an ssl port.
> Use:
> openssl s_client -connect [IP]:smtps
I'm sorry if I muddied the waters by suggesting using telnet.
> You can't telnet to an ssl port.
> Use:
> openssl s_client -connect [IP]:smtps
I find it a useful tool to quickly test whether I can reach a port,
whether anything is listening, and whether the response is the same as
I got last time/when things were working, even if that response is
to connect for a few seconds and then disconnect (like 80 does).
And I can get the results from ten differnet ports in one screenful
of text.
Cheers,
David.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Brian
Mar 16, 2015, 12:40:03 PM3/16/15
to
On Mon 16 Mar 2015 at 10:46:25 -0500, David Wright wrote:
> Quoting James (bjlo...@lockie.ca):
>
> > You can't telnet to an ssl port.
> > Use:
> > openssl s_client -connect [IP]:smtps
>
> I'm sorry if I muddied the waters by suggesting using telnet.
> I find it a useful tool to quickly test whether I can reach a port,
> whether anything is listening, and whether the response is the same as
> I got last time/when things were working, even if that response is
> to connect for a few seconds and then disconnect (like 80 does).
> And I can get the results from ten differnet ports in one screenful
> of text.
A slight mistake; but now the OP is back on the right track all he
> Quoting James (bjlo...@lockie.ca):
>
> > You can't telnet to an ssl port.
> > Use:
> > openssl s_client -connect [IP]:smtps
>
> I'm sorry if I muddied the waters by suggesting using telnet.
> I find it a useful tool to quickly test whether I can reach a port,
> whether anything is listening, and whether the response is the same as
> I got last time/when things were working, even if that response is
> to connect for a few seconds and then disconnect (like 80 does).
> And I can get the results from ten differnet ports in one screenful
> of text.
should have to do is issue the helo, mail from:, rcpt to: and data
commands to test whether sending mail is possible. If it is he can
then take a closer look at his exim setup.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Gary Dale
Mar 17, 2015, 12:00:04 AM3/17/15
to
On 16/03/15 12:37 PM, Brian wrote:
> On Mon 16 Mar 2015 at 10:46:25 -0500, David Wright wrote:
>
>> Quoting James (bjlo...@lockie.ca):
>>
>>> You can't telnet to an ssl port.
>>> Use:
>>> openssl s_client -connect [IP]:smtps
>> I'm sorry if I muddied the waters by suggesting using telnet.
>> I find it a useful tool to quickly test whether I can reach a port,
>> whether anything is listening, and whether the response is the same as
>> I got last time/when things were working, even if that response is
>> to connect for a few seconds and then disconnect (like 80 does).
>> And I can get the results from ten differnet ports in one screenful
>> of text.
> A slight mistake; but now the OP is back on the right track all he
> should have to do is issue the helo, mail from:, rcpt to: and data
> commands to test whether sending mail is possible. If it is he can
> then take a closer look at his exim setup.
OK, following the doc at http://www.debianhelp.co.uk/mail.htm, I could
> On Mon 16 Mar 2015 at 10:46:25 -0500, David Wright wrote:
>
>> Quoting James (bjlo...@lockie.ca):
>>
>>> You can't telnet to an ssl port.
>>> Use:
>>> openssl s_client -connect [IP]:smtps
>> I'm sorry if I muddied the waters by suggesting using telnet.
>> I find it a useful tool to quickly test whether I can reach a port,
>> whether anything is listening, and whether the response is the same as
>> I got last time/when things were working, even if that response is
>> to connect for a few seconds and then disconnect (like 80 does).
>> And I can get the results from ten differnet ports in one screenful
>> of text.
> A slight mistake; but now the OP is back on the right track all he
> should have to do is issue the helo, mail from:, rcpt to: and data
> commands to test whether sending mail is possible. If it is he can
> then take a closer look at his exim setup.
enter:
HELO <my domain>
MAIL FROM <account>@<mydomain>
but things get interesting when I enter the rcpt to:
RCPT TO: ga...@extremeground.com
RENEGOTIATING
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST
Network, CN = USERTrust RSA Certification Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
After that, I can't enter DATA. It says 503 valid RCPT command must
precede DATA
I've tried a few different RCPT TO: addresses but I get the same result.
Also tried using the ISP's mail server's domain in the HELO with the
same results.
I tried creating a local certificate and updating the
exim4.conf.template with MAIN_TLS_ENABLE = yes but that didn't help either.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
David Wright
Mar 17, 2015, 1:40:03 AM3/17/15
to
Quoting Gary Dale (gary...@torfree.net):
> On 16/03/15 12:37 PM, Brian wrote:
> >On Mon 16 Mar 2015 at 10:46:25 -0500, David Wright wrote:
> >
> >>Quoting James (bjlo...@lockie.ca):
> >>
> >>>You can't telnet to an ssl port.
> >>>Use:
> >>>openssl s_client -connect [IP]:smtps
> >>I'm sorry if I muddied the waters by suggesting using telnet.
> >>I find it a useful tool to quickly test whether I can reach a port,
> >>whether anything is listening, and whether the response is the same as
> >>I got last time/when things were working, even if that response is
> >>to connect for a few seconds and then disconnect (like 80 does).
> >>And I can get the results from ten differnet ports in one screenful
> >>of text.
> >A slight mistake; but now the OP is back on the right track all he
> >should have to do is issue the helo, mail from:, rcpt to: and data
> >commands to test whether sending mail is possible. If it is he can
> >then take a closer look at his exim setup.
> OK, following the doc at http://www.debianhelp.co.uk/mail.htm, I
> could enter:
> HELO <my domain>
I always use EHLO but have no idea if it makes a difference.
> On 16/03/15 12:37 PM, Brian wrote:
> >On Mon 16 Mar 2015 at 10:46:25 -0500, David Wright wrote:
> >
> >>Quoting James (bjlo...@lockie.ca):
> >>
> >>>You can't telnet to an ssl port.
> >>>Use:
> >>>openssl s_client -connect [IP]:smtps
> >>I'm sorry if I muddied the waters by suggesting using telnet.
> >>I find it a useful tool to quickly test whether I can reach a port,
> >>whether anything is listening, and whether the response is the same as
> >>I got last time/when things were working, even if that response is
> >>to connect for a few seconds and then disconnect (like 80 does).
> >>And I can get the results from ten differnet ports in one screenful
> >>of text.
> >A slight mistake; but now the OP is back on the right track all he
> >should have to do is issue the helo, mail from:, rcpt to: and data
> >commands to test whether sending mail is possible. If it is he can
> >then take a closer look at his exim setup.
> OK, following the doc at http://www.debianhelp.co.uk/mail.htm, I
> could enter:
> HELO <my domain>
> MAIL FROM <account>@<mydomain>
>
> but things get interesting when I enter the rcpt to:
>
> RCPT TO: ga...@extremeground.com
> RENEGOTIATING
> depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST
> Network, CN = USERTrust RSA Certification Authority
> verify error:num=20:unable to get local issuer certificate
> verify return:0
>
> After that, I can't enter DATA. It says 503 valid RCPT command must
> precede DATA
> I've tried a few different RCPT TO: addresses but I get the same
> result. Also tried using the ISP's mail server's domain in the HELO
> with the same results.
>
> I tried creating a local certificate and updating the
> exim4.conf.template with MAIN_TLS_ENABLE = yes but that didn't help
> either.
Your sequence of commands (with the changes I suggested) worked for me.
Cheers,
David.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Jonathan Dowland
Mar 17, 2015, 5:40:05 AM3/17/15
to
On Sat, Mar 14, 2015 at 08:48:37PM -0500, David Wright wrote:
> Is it worth telnetting the port to check that it supports what you
> think it does. For example, from several years ago:
Check out "swaks". It is a debug SMTP client which can do more sophisticated
> Is it worth telnetting the port to check that it supports what you
> think it does. For example, from several years ago:
things than you can via telnet.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Brian
Mar 17, 2015, 8:00:04 AM3/17/15
to
On Tue 17 Mar 2015 at 00:30:38 -0500, David Wright wrote:
> Quoting Gary Dale (gary...@torfree.net):
> > OK, following the doc at http://www.debianhelp.co.uk/mail.htm, I
> > could enter:
> > HELO <my domain>
>
> I always use EHLO but have no idea if it makes a difference.
EHLO allows the client to discover whether the server supports ESMTP. If
it does not it will revert to HELO behaviour.
> > MAIL FROM <account>@<mydomain>
> >
> > but things get interesting when I enter the rcpt to:
> >
> > RCPT TO: ga...@extremeground.com
>
> Shouldn't that be in <> according to rfc2821?
Probably best to put them in, although there are servers which are not
too picky. Leaving off <> often gets an error message.
> > RENEGOTIATING
> > depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST
> > Network, CN = USERTrust RSA Certification Authority
> > verify error:num=20:unable to get local issuer certificate
> > verify return:0
> >
> > After that, I can't enter DATA. It says 503 valid RCPT command must
> > precede DATA
>
> Yes, until you see a 250 from RCPT TO: it hasn't been accepted.
>
> > I've tried a few different RCPT TO: addresses but I get the same
> > result. Also tried using the ISP's mail server's domain in the HELO
> > with the same results.
> >
> > I tried creating a local certificate and updating the
> > exim4.conf.template with MAIN_TLS_ENABLE = yes but that didn't help
> > either.
>
> I don't think those verify items above are necessarily a problem in themselves.
> Your sequence of commands (with the changes I suggested) worked for me.
They can work for me too. But only when I'm on the same network as the
server. Then I suppose I'm trusted.
I hope the OP is diligently reading all the mails on -user. A couple
today in
https://lists.debian.org/debian-user/2015/03/msg00645.html
might interest him.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: https://lists.debian.org/1703201511422...@desktop.copernicus.demon.co.uk
> Quoting Gary Dale (gary...@torfree.net):
> > OK, following the doc at http://www.debianhelp.co.uk/mail.htm, I
> > could enter:
> > HELO <my domain>
>
> I always use EHLO but have no idea if it makes a difference.
it does not it will revert to HELO behaviour.
> > MAIL FROM <account>@<mydomain>
> >
> > but things get interesting when I enter the rcpt to:
> >
> > RCPT TO: ga...@extremeground.com
>
> Shouldn't that be in <> according to rfc2821?
too picky. Leaving off <> often gets an error message.
> > RENEGOTIATING
> > depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST
> > Network, CN = USERTrust RSA Certification Authority
> > verify error:num=20:unable to get local issuer certificate
> > verify return:0
> >
> > After that, I can't enter DATA. It says 503 valid RCPT command must
> > precede DATA
>
> Yes, until you see a 250 from RCPT TO: it hasn't been accepted.
>
> > I've tried a few different RCPT TO: addresses but I get the same
> > result. Also tried using the ISP's mail server's domain in the HELO
> > with the same results.
> >
> > I tried creating a local certificate and updating the
> > exim4.conf.template with MAIN_TLS_ENABLE = yes but that didn't help
> > either.
>
> I don't think those verify items above are necessarily a problem in themselves.
> Your sequence of commands (with the changes I suggested) worked for me.
server. Then I suppose I'm trusted.
I hope the OP is diligently reading all the mails on -user. A couple
today in
https://lists.debian.org/debian-user/2015/03/msg00645.html
might interest him.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Gary Dale
Mar 17, 2015, 10:40:04 AM3/17/15
to
and got the same result.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Gary Dale
Mar 23, 2015, 11:50:06 PM3/23/15
to
line. I had it originally in
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost.
Moving it to /etc/exim4/exim4.conf.template seems to have done the trick.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Jörg-Volker Peetz
Mar 24, 2015, 9:00:05 AM3/24/15
to
Gary Dale wrote on 03/24/2015 04:49:
<snip>
think, one should check the automatically generated file
/var/lib/exim4/config.autogenerated .
--
Regards,
jvp.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: https://lists.debian.org/mermht$tv0$1...@ger.gmane.org
<snip>
> The problem seems to have been the location of the protocol = smtps line. I had
> it originally in
> /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost. Moving it to
> /etc/exim4/exim4.conf.template seems to have done the trick.
>
Didn't think of that. In order to see which configuration is actually used, I
> it originally in
> /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost. Moving it to
> /etc/exim4/exim4.conf.template seems to have done the trick.
>
think, one should check the automatically generated file
/var/lib/exim4/config.autogenerated .
--
Regards,
jvp.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
0 new messages