
exim4 as a smarthost with TLS


rudu

Jul 30, 2021, 9:50:05 AM
Dear Debian users,

I would greatly appreciate some help here, as I'm trying to tighten up
my configuration of exim4 in a smarthost way.
My desktop runs Bullseye and performs a few cron tasks which used to send
me by mail the notifications of their successful execution (or not).
I stopped receiving these notifications around late April this year.
But my initial configuration of exim4 was done way back; I suppose I just did
something like this at the time:
https://wiki.debian.org/Exim#Smarthost_with_Authentication

My e-mail service provider seems not to accept this anymore, so I went to
this chapter:
https://wiki.debian.org/Exim#TLS_and_authentication
... and followed each step except the "Dual stack RSA/ECDSA
configuration" which seemed unnecessary.

Still, a simple:
$ mail -s test my....@provider.fr
... ends up showing in # tail -f /var/log/exim4/mainlog:
2021-07-30 10:58:09 1m9OLJ-000cAf-Ss <= my....@provider.fr U=rudu P=local S=461
2021-07-30 10:58:10 1m9OLJ-000cAf-Ss == my....@provider.fr R=smarthost T=remote_smtp_smarthost defer (-37) H=smtpauth.provider.fr [185.204.xxx.xxx]: TLS session: (certificate verification failed): certificate invalid

So, when I ran the command:
# bash /usr/share/doc/exim4-base/examples/exim-gencert
... did I miss something that should be there?

Rudu

Reco

Jul 30, 2021, 12:30:04 PM
On Fri, Jul 30, 2021 at 07:25:34PM +0300, Reco wrote:
> Hi.
>
> On Fri, Jul 30, 2021 at 03:35:28PM +0200, rudu wrote:
> > Still, a simple :
> > $ mail -s test my....@provider.fr
> > ... ends up to show in # tail -f /var/log/exim4/mainlog :
> > 2021-07-30 10:58:09 1m9OLJ-000cAf-Ss <= my....@provider.fr U=rudu P=local S=461
> > 2021-07-30 10:58:10 1m9OLJ-000cAf-Ss == my....@provider.fr R=smarthost T=remote_smtp_smarthost defer (-37) H=smtpauth.provider.fr [185.204.xxx.xxx]: TLS
> > session: (certificate verification failed): certificate invalid
>
> Your exim certificate has nothing to do with this.
> But your smarthost certificate certainly does.
>
> Every time you try to send a mail, your exim checks the certificate of
> the remote MTA, and it does not like what it sees.
>
> > So, when I ran the command :
> > # bash /usr/share/doc/exim4-base/examples/exim-gencert
> > ... did I miss something that should be there ?
>
> It's possible. Please provide an output of:
>
> grep -i 'tls_.*verify' /var/lib/exim4/config.autogenerated
>
> grep split exim4/update-exim4.conf.conf

A typo.

grep -i 'tls_.*verify' /var/lib/exim4/config.autogenerated

grep split /etc/exim4/update-exim4.conf.conf

Reco

Reco

Jul 30, 2021, 12:30:04 PM
Hi.

On Fri, Jul 30, 2021 at 03:35:28PM +0200, rudu wrote:
> Still, a simple :
> $ mail -s test my....@provider.fr
> ... ends up to show in # tail -f /var/log/exim4/mainlog :
> 2021-07-30 10:58:09 1m9OLJ-000cAf-Ss <= my....@provider.fr U=rudu P=local S=461
> 2021-07-30 10:58:10 1m9OLJ-000cAf-Ss == my....@provider.fr R=smarthost T=remote_smtp_smarthost defer (-37) H=smtpauth.provider.fr [185.204.xxx.xxx]: TLS
> session: (certificate verification failed): certificate invalid

Your exim certificate has nothing to do with this.
But your smarthost certificate certainly does.

Every time you try to send a mail, your exim checks the certificate of
the remote MTA, and it does not like what it sees.

> So, when I ran the command :
> # bash /usr/share/doc/exim4-base/examples/exim-gencert
> ... did I miss something that should be there ?

It's possible. Please provide an output of:

grep -i 'tls_.*verify' /var/lib/exim4/config.autogenerated

grep split exim4/update-exim4.conf.conf

Reco

rudu

Jul 30, 2021, 7:10:05 PM
Thank you Reco, see below
# grep -i 'tls_.*verify' /var/lib/exim4/config.autogenerated
.ifndef MAIN_TLS_VERIFY_CERTIFICATES
MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES
.ifdef MAIN_TLS_VERIFY_HOSTS
tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
.ifdef MAIN_TLS_TRY_VERIFY_HOSTS
tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS
.ifndef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
  REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *
.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
  tls_verify_certificates = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
  tls_verify_hosts = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS

> grep split /etc/exim4/update-exim4.conf.conf
# grep split /etc/exim4/update-exim4.conf.conf
dc_use_split_config='false'

I'm afraid I don't understand much of what you're asking me.
I hope it gives you some hint about what's going wrong here.

Thank you again.

Rudu

Reco

Jul 31, 2021, 2:30:04 AM
On Sat, Jul 31, 2021 at 09:21:02AM +0300, Reco wrote:
> > > grep split /etc/exim4/update-exim4.conf.conf
> > # grep split /etc/exim4/update-exim4.conf.conf
> > dc_use_split_config='false'
>
> And this part shows that to change this you have to edit files at
> /etc/exim4/conf.d.

Damn. I need to think more before I send e-mails.
Of course this part shows that you lack a split exim4 config, so we'll
have to edit /etc/exim4/exim4.conf.template.

So, in addition to:

grep -R REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS /etc/exim4/conf.d

Please also post this:

grep REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS /etc/exim4/exim4.conf.template

Reco

Reco

Jul 31, 2021, 2:30:04 AM
Hi.
This part of exim4 config shows that it has certificate verification
enabled. And it does this for smarthosts too, which corresponds to
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *.


> > grep split /etc/exim4/update-exim4.conf.conf
> # grep split /etc/exim4/update-exim4.conf.conf
> dc_use_split_config='false'

And this part shows that to change this you have to edit files at
/etc/exim4/conf.d.


The only question left is - which particular macro defines
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS, because it certainly does not
happen here (exim4-daemon-heavy, buster, but I don't use "satellite"
configuration).

Therefore,

grep -R REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS /etc/exim4/conf.d

Reco

rudu

Jul 31, 2021, 7:10:04 AM
Hi Reco,

On 31/07/2021 at 08:25, Reco wrote:
> On Sat, Jul 31, 2021 at 09:21:02AM +0300, Reco wrote:
>>>> grep split /etc/exim4/update-exim4.conf.conf
>>> # grep split /etc/exim4/update-exim4.conf.conf
>>> dc_use_split_config='false'
>> And this part shows that to change this you have to edit files at
>> /etc/exim4/conf.d.
> Damn. I need to think more before I send e-mails.
> Of course this part shows that you lack a split exim4 config, so we'll
> have to edit /etc/exim4/exim4.conf.template.
>
> So, in addition to:
>
> grep -R REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS /etc/exim4/conf.d
# grep -R REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS /etc/exim4/conf.d
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost:.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost:  tls_verify_hosts = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
/etc/exim4/conf.d/transport/10_exim4-config_transport-macros:.ifndef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
/etc/exim4/conf.d/transport/10_exim4-config_transport-macros:  REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *

> Please also post this:
>
> grep REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS /etc/exim4/exim4.conf.template
# grep REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS /etc/exim4/exim4.conf.template
.ifndef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
  REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *
.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
  tls_verify_hosts = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS


Thank you
Rudu

Reco

Jul 31, 2021, 8:20:04 AM
Seems straightforward enough.
Edit /etc/exim4/exim4.conf.template, you'll need to comment out a block
similar to this:

.ifndef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
  REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *
.endif

Do not touch second block (starting with .ifdef
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS).

Execute /usr/sbin/update-exim4.conf.
Bounce exim4.

Smarthost certificate verification should be disabled after this.


If you ever need to re-enable it, just uncomment the ifndef block and
execute /usr/sbin/update-exim4.conf once more.

Reco

Sven Hartge

Jul 31, 2021, 8:50:04 AM
Reco <recov...@enotuniq.net> wrote:

> Seems straightforward enough.
> Edit /etc/exim4/exim4.conf.template, you'll need to comment out a block
> similar to this:

> .ifndef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
>   REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *
> .endif

> Do not touch second block (starting with .ifdef
> REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS).

> Execute /usr/sbin/update-exim4.conf.
> Bounce exim4.

> Smarthost certificate verification should be disabled after this.

Wouldn't it be easier to just create /etc/exim4/exim4.conf.localmacros
and put

REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = !*

in it? That way you don't need to edit the template (causing a merge
prompt on the next exim4 update).

This is also the way the README.Debian suggests doing this.



--
Sigmentation fault. Core dumped.

Reco

Jul 31, 2021, 9:20:04 AM
On Sat, Jul 31, 2021 at 02:45:34PM +0200, Sven Hartge wrote:
> Reco <recov...@enotuniq.net> wrote:
>
> > Seems straightforward enough.
> > Edit /etc/exim4/exim4.conf.template, you'll need to comment out a block
> > similar to this:
>
> > .ifndef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
> >   REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *
> > .endif
>
> > Do not touch second block (starting with .ifdef
> > REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS).
>
> > Execute /usr/sbin/update-exim4.conf.
> > Bounce exim4.
>
> > Smarthost certificate verification should be disabled after this.
>
> Wouldn't it be easier to just create /etc/exim4/exim4.conf.localmacros
> and put
>
> REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = !*
>
> in it?

Could be. Will exim4.conf.localmacros apply to non-split exim config?

Reco

Sven Hartge

Jul 31, 2021, 10:10:04 AM
It will *only* apply to a non-split config.

For the split config you need to create a file like
/etc/exim4/conf.d/main/000_localconfig instead.

Documentation says:

,----[ /usr/share/doc/exim4-base/README.Debian.gz
| For split configuration, you can drop the local configuration file
| anywhere in /etc/exim4/conf.d/main. Just make sure it gets read
| before the macro is first used. 000_localmacros is a possible name,
| guaranteeing first order. For a non-split configuration,
| /etc/exim4/exim4.conf.localmacros gets read before
| /etc/exim4/exim4.conf.template.
`----
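Added example, not part of the thread and not code from the Debian exim4 package: the checks a practitioner would run before taking either of the routes above. Commenting out the .ifndef block in exim4.conf.template and putting REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = !* in exim4.conf.localmacros have the same effect: exim still negotiates TLS with the smarthost but accepts any certificate, so the AUTH PLAIN credentials it sends next go to whoever answers for smtpauth.provider.fr. The script below reproduces exim's check with openssl s_client (system CA bundle plus host name), extracts why the check fails and how many certificates the server sent, and then writes a localmacros file that keeps verification switched on but trusts an explicitly inspected CA file through REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES, the macro already present in the autogenerated config quoted earlier in the thread. The host name, port 587, the file paths and the script name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Reproduces exim's smarthost certificate
# check with openssl and pins a CA file instead of disabling verification.
# Assumptions: submission port 587, Debian's CA bundle path, non-split config.
set -u

# Fetch the chain over STARTTLS and verify it the way exim does: against the
# CA bundle, with the host name checked against the certificate (-servername
# sends SNI, -verify_hostname checks the SAN/CN).
fetch_chain() {
    # $1 = smarthost, $2 = port, $3 = CA bundle (or pinned CA file)
    openssl s_client -starttls smtp -connect "$1:$2" -servername "$1" \
        -verify_hostname "$1" -CAfile "$3" -showcerts </dev/null 2>&1
}

# openssl's verdict from s_client output on stdin: "0" means chain and host
# name both check out; 20/21 = issuer not found (missing intermediate or CA
# not in the bundle), 10 = expired, 62 = host name mismatch.
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9]*\).*/\1/p' | head -n 1
}

# Number of certificates the server sent. A single certificate that is
# signed by an intermediate usually means the provider did not install the
# intermediate; verification fails until they fix it or you pin the
# intermediate locally.
chain_length() {
    grep -c -- '-----BEGIN CERTIFICATE-----'
}

# Issuer of the leaf certificate (first PEM block on stdin), i.e. which CA
# or intermediate you need in the pinned file.
leaf_issuer() {
    openssl x509 -noout -issuer
}

# Keep REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = * (the Debian default) and
# point the transport at a CA file you have inspected. This is for the
# non-split config; with dc_use_split_config='true' the same line goes in
# /etc/exim4/conf.d/main/000_localmacros instead.
write_localmacros() {
    # $1 = pinned CA/intermediate PEM, $2 = localmacros path
    cat > "$2" <<EOF
# Verify the smarthost certificate against this file only (added by admin).
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES = $1
EOF
}

# Usage: sh check-smarthost-tls.sh smtpauth.provider.fr [587] [CA file]
if [ $# -ge 1 ]; then
    host=$1
    port=${2:-587}
    bundle=${3:-/etc/ssl/certs/ca-certificates.crt}
    out=$(fetch_chain "$host" "$port" "$bundle")
    code=$(printf '%s\n' "$out" | verify_code)
    echo "verify return code: ${code:-none} (0 = exim would accept it)"
    echo "certificates sent by server: $(printf '%s\n' "$out" | chain_length)"
    echo "leaf issuer: $(printf '%s\n' "$out" | leaf_issuer)"
    if [ "${code:-none}" != "0" ]; then
        echo "fix the chain on the provider side or pin the issuer, e.g.:"
        echo "  write_localmacros /etc/exim4/smarthost-ca.pem /etc/exim4/exim4.conf.localmacros"
        echo "  update-exim4.conf && systemctl restart exim4"
    fi
fi
```

Run it with the smarthost name first; if the return code is 0 here but exim still defers, the problem is on the exim side (wrong bundle path or a transport-level tls_verify_certificates override), not the provider's certificate. If it is non-zero, the printed issuer tells you which certificate to obtain and inspect before pinning it; after writing the localmacros file, update-exim4.conf and a restart apply it, as in the thread.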

Reco

Jul 31, 2021, 10:30:04 AM
On Sat, Jul 31, 2021 at 04:03:43PM +0200, Sven Hartge wrote:
> Reco <recov...@enotuniq.net> wrote:
> > On Sat, Jul 31, 2021 at 02:45:34PM +0200, Sven Hartge wrote:
> >> Reco <recov...@enotuniq.net> wrote:
> >>
> >> > Seems straightforward enough.
> >> > Edit /etc/exim4/exim4.conf.template, you'll need to comment out a block
> >> > similar to this:
> >>
> >> > .ifndef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
> >> >   REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *
> >> > .endif
> >>
> >> > Do not touch second block (starting with .ifdef
> >> > REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS).
> >>
> >> > Execute /usr/sbin/update-exim4.conf.
> >> > Bounce exim4.
> >>
> >> > Smarthost certificate verification should be disabled after this.
> >>
> >> Wouldn't it be easier to just create /etc/exim4/exim4.conf.localmacros
> >> and put
> >>
> >> REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = !*
> >>
> >> in it?
>
> > Could be. Will exim4.conf.localmacros apply to non-split exim config?
>
> It will *only* apply to a non-split config.

Agreed. There's nothing wrong in trying
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = !* as far as I'm concerned.

Reco

rudu

Jul 31, 2021, 7:00:05 PM
Reco, Sven, thank you for your help; my next steps below.
What I just did:
# nano /etc/exim4/exim4.conf.template
I commented out this:
#.ifndef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
#  REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *
#.endif

Then
# update-exim4.conf
# systemctl restart exim4.service
# rm /var/spool/exim4/db/retry*
# rm /var/spool/exim4/db/wait-remote_smtp_smarthost*
# tail -f /var/log/exim4/mainlog
Then in a user terminal :
$ mail -s test my....@provider.fr

The log:
2021-08-01 00:33:34 1m9xXy-00035e-PB <= my....@provider.fr U=rudu P=local S=463
2021-08-01 00:33:35 1m9xXy-00035e-PB H=smtpauth.provider.fr [185.204.xxx.xxx]: SMTP error from remote mail server after AUTH PLAIN ********************************************************: 454 4.7.0 Temporary authentication failure: Connection lost to authentication server
2021-08-01 00:33:35 1m9xXy-00035e-PB == my....@provider.fr R=smarthost T=remote_smtp_smarthost defer (0) H=smtpauth.provider.fr [185.204.xxx.xxx]: SMTP error from remote mail server after AUTH PLAIN ********************************************************: 454 4.7.0 Temporary authentication failure: Connection lost to authentication server

Sorry to be so lost, but really I can't figure out what all this means ...
But that's sort of a new kind of mainlog entry from exim4 ...

Does it ring a bell?

Thanks in advance
Rudu

rudu

Jul 31, 2021, 9:10:04 PM
Guys, guess what ?

I received my test mails !!!

Reco, thank you very much, Sven also for your input.

Rudu