On Thu, Apr 21, 2016 at 10:06:38PM +0200, Samuel Thibault wrote:
> Due to network hiccups, some of my mails couldn't go through TLS to my
> smarthost, and exim4 reverted to an unencrypted send:
>
> 2016-04-16 10:39:58 1arJcE-00020M-Cx H=sonata.ens-lyon.org [140.77.166.138]
> TLS error on connection (gnutls_handshake): timed out
> 2016-04-16 10:39:58 1arJcE-00020M-Cx TLS session failure: delivering
> unencrypted to sonata.ens-lyon.org [140.77.166.138] (not in hosts_require_tls)
>
> But this got rejected by the smarthost:
>
> 2016-04-16 10:40:06 1arJcE-00020M-Cx ** [email protected] R=smarthost
> T=remote_smtp_smarthost H=sonata.ens-lyon.org [140.77.166.138]: SMTP error
> from remote mail server after MAIL FROM:<[email protected]>
> SIZE=1944: 530 5.7.0 Must issue a STARTTLS command first

Ouch. The smarthost shouldn't advertise AUTH capabilities before STARTTLS
if it doesn't want to authenticate in clear text.

> And thus I got a bounce. I need to prevent that by setting
> hosts_require_tls, but this doesn't seem to be supported by the debian
> packaging. More precisely, I would need the attached patch to be
> applied.

/etc/exim4/exim4.conf.template is a dpkg-conffile. Feel free to edit it
if you need changes. Andreas will decide whether he will accept your
patch though.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
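A log check for the cleartext fallback shown in the quoted excerpt, as an added example that is not part of the original mail or of the Debian packaging. The function name and record fields are hypothetical; the sample lines are the excerpt with its line-wrapping undone plus one constructed delivery line.

```python
import re

# Line formats follow the Exim main-log excerpt quoted in the mail above.
TLS_ERROR_RE = re.compile(
    r"^\S+ \S+ (?P<msgid>\S+) H=\S+ \[[^\]]+\] "
    r"TLS error on connection \((?P<stage>[^)]*)\): (?P<detail>.*)$"
)
FALLBACK_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<msgid>\S+) TLS session failure: "
    r"delivering unencrypted to (?P<host>\S+) \[(?P<ip>[^\]]+)\]"
)

def find_cleartext_fallbacks(lines):
    """Return one record per delivery attempt that fell back to cleartext."""
    last_error = {}  # message id -> most recent TLS error for that message
    hits = []
    for line in lines:
        line = line.rstrip("\n")
        err = TLS_ERROR_RE.match(line)
        if err:
            last_error[err["msgid"]] = f'{err["stage"]}: {err["detail"]}'
            continue
        fb = FALLBACK_RE.match(line)
        if fb:
            hits.append({
                "time": fb["ts"],
                "msgid": fb["msgid"],
                "host": fb["host"],
                "ip": fb["ip"],
                "tls_error": last_error.get(fb["msgid"], "unknown"),
            })
    return hits

# First two lines: the quoted excerpt with its mail line-wrapping undone.
# Third line: constructed, a normal delivery that must not be reported.
SAMPLE_LOG = [
    "2016-04-16 10:39:58 1arJcE-00020M-Cx H=sonata.ens-lyon.org [140.77.166.138] "
    "TLS error on connection (gnutls_handshake): timed out",
    "2016-04-16 10:39:58 1arJcE-00020M-Cx TLS session failure: delivering "
    "unencrypted to sonata.ens-lyon.org [140.77.166.138] (not in hosts_require_tls)",
    "2016-04-16 10:45:00 1arJhX-00021A-Qz => user@example.org R=smarthost "
    "T=remote_smtp_smarthost H=mail.example.org [192.0.2.10]",
]

if __name__ == "__main__":
    for hit in find_cleartext_fallbacks(SAMPLE_LOG):
        print("{time} {msgid} sent in clear to {host} [{ip}] after {tls_error}".format(**hit))
```

Any hit means a message left the host unencrypted; with hosts_require_tls set for the smarthost, such a delivery is deferred instead of downgraded.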

