Marc Haber, on Fri 22 Apr 2016 12:53:59 +0200, wrote:
> On Thu, Apr 21, 2016 at 10:06:38PM +0200, Samuel Thibault wrote:
> > Due to network hiccups, some of my mails couldn't go through TLS to my
> > smarthost, and exim4 reverted to an unencrypted send:
> >
> > 2016-04-16 10:39:58 1arJcE-00020M-Cx H=sonata.ens-lyon.org [140.77.166.138]
> > TLS error on connection (gnutls_handshake): timed out
> > 2016-04-16 10:39:58 1arJcE-00020M-Cx TLS session failure: delivering
> > unencrypted to sonata.ens-lyon.org [140.77.166.138] (not in
> > hosts_require_tls)
> >
> > But this got rejected by the smarthost:
> >
> > 2016-04-16 10:40:06 1arJcE-00020M-Cx ** [email protected] R=smarthost
> > T=remote_smtp_smarthost H=sonata.ens-lyon.org [140.77.166.138]: SMTP error
> > from remote mail server after MAIL FROM:<[email protected]>
> > SIZE=1944: 530 5.7.0 Must issue a STARTTLS command first
>
> Ouch. The smarthost shouldn't advertise AUTH capabilities before
> STARTTLS if it doesn't want to authenticate in clear text.

Well, no, it doesn't:

brl$ telnet smtp.ens-lyon.org 587
Trying 140.77.166.138...
Connected to sonata.ens-lyon.org.
Escape character is '^]'.
220 sonata.ens-lyon.org ESMTP Postfix (Debian/GNU)
ehlo brl.thefreecat.org
250-sonata.ens-lyon.org
250-PIPELINING
250-SIZE 51200000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth
530 5.7.0 Must issue a STARTTLS command first

Samuel
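
The cleartext fallback reported in this thread leaves a recognisable pair of entries in exim's main log. The following is an added example, not part of the original mail or of exim: a small scanner that finds each "delivering unencrypted" entry, attaches the TLS error that preceded it, and lists the hosts that would be candidates for `hosts_require_tls`. The function names and the third sample line are assumptions made for the example.

```python
import re
from collections import Counter

# Lines 1-2 are the entries quoted in the thread, re-joined onto one line each.
# Line 3 is constructed for this example: an ordinary delivery that must not match.
SAMPLE_LOG = """\
2016-04-16 10:39:58 1arJcE-00020M-Cx H=sonata.ens-lyon.org [140.77.166.138] TLS error on connection (gnutls_handshake): timed out
2016-04-16 10:39:58 1arJcE-00020M-Cx TLS session failure: delivering unencrypted to sonata.ens-lyon.org [140.77.166.138] (not in hosts_require_tls)
2016-04-16 10:45:12 1arJhX-00021B-Q2 => user@example.org R=smarthost T=remote_smtp_smarthost H=sonata.ens-lyon.org [140.77.166.138]
"""

PREFIX = r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<msgid>\S+) "
TLS_ERROR = re.compile(
    PREFIX + r"H=\S+ \[(?P<ip>[^\]]+)\] TLS error on connection "
    r"\((?P<stage>[^)]*)\): (?P<why>.*)$")
FALLBACK = re.compile(
    PREFIX + r"TLS session failure: delivering unencrypted to "
    r"(?P<host>\S+) \[(?P<ip>[^\]]+)\]")

def cleartext_fallbacks(lines):
    """Return one record per message sent in clear after a failed TLS attempt."""
    last_error = {}  # (msgid, ip) -> most recent TLS error for that delivery
    events = []
    for line in lines:
        line = line.rstrip("\n")
        m = TLS_ERROR.match(line)
        if m:
            last_error[(m["msgid"], m["ip"])] = f'{m["stage"]}: {m["why"]}'
            continue
        m = FALLBACK.match(line)
        if m:
            events.append({
                "time": m["ts"], "msgid": m["msgid"],
                "host": m["host"], "ip": m["ip"],
                "cause": last_error.get((m["msgid"], m["ip"]), "unknown"),
            })
    return events

def hosts_to_pin(events):
    """Count cleartext deliveries per host (candidates for hosts_require_tls)."""
    return dict(Counter(e["host"] for e in events))

if __name__ == "__main__":
    found = cleartext_fallbacks(SAMPLE_LOG.splitlines())
    for e in found:
        print(f'{e["time"]} {e["msgid"]} sent in clear to {e["host"]} '
              f'[{e["ip"]}] after TLS error ({e["cause"]})')
    print(hosts_to_pin(found))
```
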

