Package: exim4
Version: 4.87-1
Severity: normal
Tags: patch

Hello,

Due to network hiccups, some of my mails couldn't go through TLS to my smarthost, and exim4 reverted to an unencrypted send:

2016-04-16 10:39:58 1arJcE-00020M-Cx H=sonata.ens-lyon.org [140.77.166.138] TLS error on connection (gnutls_handshake): timed out
2016-04-16 10:39:58 1arJcE-00020M-Cx TLS session failure: delivering unencrypted to sonata.ens-lyon.org [140.77.166.138] (not in hosts_require_tls)

But this got rejected by the smarthost:

2016-04-16 10:40:06 1arJcE-00020M-Cx ** [email protected] R=smarthost T=remote_smtp_smarthost H=sonata.ens-lyon.org [140.77.166.138]: SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1944: 530 5.7.0 Must issue a STARTTLS command first

And thus I got a bounce. I need to prevent that by setting hosts_require_tls, but this doesn't seem to be supported by the Debian packaging. More precisely, I would need the attached patch to be applied.

Thanks,
Samuel

-- Package-specific info:
Exim version 4.87 #2 built 07-Apr-2016 17:26:59
Copyright (c) University of Cambridge, 1995 - 2016
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2016
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM DNSSEC Event OCSP PRDR SOCKS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated

# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
dc_eximconfig_configtype='smarthost'
dc_other_hostnames='var.youpi.perso.aquilenet.fr;var.ipv6;var'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost='youpi.perso.aquilenet.fr'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='sonata.ens-lyon.org::587:iona.labri.fr::587:smtp.inria.fr::587'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:var.youpi.perso.aquilenet.fr

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages exim4 depends on:
ii  cdebconf [debconf-2.0]  0.208
ii  debconf [debconf-2.0]   1.5.59
ii  exim4-base              4.87-1
ii  exim4-daemon-light      4.87-1

exim4 recommends no packages.

exim4 suggests no packages.

-- debconf information excluded

--
Samuel
"...[Linux's] capacity to talk via any medium except smoke signals."
(By Dr. Greg Wettstein, Roger Maris Cancer Center)

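
One way to find the cleartext fallbacks described in this report in an Exim main log and see what became of each message, as an added example that is not part of the original report or of the Debian packaging. The function name and status labels are hypothetical, and the sample log is constructed (example.org, example.net and 192.0.2.25 are placeholders).

```python
import re

# Constructed sample. Lines 1-3 follow the log excerpts in the report (mail
# addresses replaced by example.org ones); lines 4-6 are invented to show a
# fallback the remote host accepted and a normal TLS delivery.
SAMPLE_LOG = """\
2016-04-16 10:39:58 1arJcE-00020M-Cx H=sonata.ens-lyon.org [140.77.166.138] TLS error on connection (gnutls_handshake): timed out
2016-04-16 10:39:58 1arJcE-00020M-Cx TLS session failure: delivering unencrypted to sonata.ens-lyon.org [140.77.166.138] (not in hosts_require_tls)
2016-04-16 10:40:06 1arJcE-00020M-Cx ** rcpt@example.org R=smarthost T=remote_smtp_smarthost H=sonata.ens-lyon.org [140.77.166.138]: SMTP error from remote mail server after MAIL FROM:<sender@example.org> SIZE=1944: 530 5.7.0 Must issue a STARTTLS command first
2016-04-16 11:02:10 1arJxy-00021A-Ab TLS session failure: delivering unencrypted to mx.example.net [192.0.2.25] (not in hosts_require_tls)
2016-04-16 11:02:11 1arJxy-00021A-Ab => rcpt@example.net R=smarthost T=remote_smtp_smarthost H=mx.example.net [192.0.2.25] C="250 OK"
2016-04-16 11:05:00 1arJzz-00021B-Qq => rcpt@example.net R=smarthost T=remote_smtp_smarthost H=mx.example.net [192.0.2.25] X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 C="250 OK"
"""

# Exim main log: "<date> <time> <message id> <rest>".
LINE = re.compile(r"^(\S+ \S+) ([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) (.*)$")
FALLBACK = re.compile(r"^TLS session failure: delivering unencrypted to (\S+) \[([^\]]+)\]")
# Delivery outcome flags: => / -> delivered, ** failed, == deferred.
OUTCOME = re.compile(r"^(=>|->|\*\*|==) (\S+) .*?\bH=(\S+) \[([^\]]+)\]")
STATUS = {"=>": "sent_in_clear", "->": "sent_in_clear", "**": "failed", "==": "deferred"}


def find_cleartext_fallbacks(log_text):
    """Return (time, message id, host, recipient, status) for every delivery
    attempted in clear after a failed TLS session (hypothetical helper)."""
    pending = set()   # (message id, ip) pairs that fell back to cleartext
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, msgid, rest = m.groups()
        fb = FALLBACK.match(rest)
        if fb:
            pending.add((msgid, fb.group(2)))
            continue
        out = OUTCOME.match(rest)
        if not out or (msgid, out.group(4)) not in pending:
            continue
        flag, rcpt, host, ip = out.groups()
        if " X=" in rest:   # X= carries the cipher suite: a later retry used TLS
            pending.discard((msgid, ip))
            continue
        findings.append((when, msgid, host, rcpt, STATUS[flag]))
    return findings

if __name__ == "__main__":
    for finding in find_cleartext_fallbacks(SAMPLE_LOG):
        print(*finding)
```

A `sent_in_clear` result is the case the requested hosts_require_tls setting is meant to rule out: the message left the host unencrypted and the remote side accepted it.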
--- ./exim4.conf.template.original 2016-04-21 22:04:04.176064933 +0200 +++ ./exim4.conf.template 2016-04-21 22:04:12.336069949 +0200 @@ -1700,6 +1700,9 @@ .ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS .endif +.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS + hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS +.endif .ifdef REMOTE_SMTP_HEADERS_REWRITE headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE .endif
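Review bot: the new REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS macro in the added .ifdef block is not documented anywhere in this patch, so an administrator has no way to learn that it exists or what host list to give it; please add a comment above the block, or an entry wherever REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS is described. Two further points on the same block: nothing says what happens when a host matches both REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS and the new macro, which deserves a line in that documentation, and the patch only touches exim4.conf.template, so if the split configuration carries its own copy of this transport it needs the same three lines.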

