Bug#822174: exim4: Please add hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS

Fri, 22 Apr 2016 15:15:33 -0700 

On Fri, Apr 22, 2016 at 01:31:33PM +0200, Samuel Thibault wrote:
> Marc Haber, on Fri 22 Apr 2016 12:53:59 +0200, wrote:
> > On Thu, Apr 21, 2016 at 10:06:38PM +0200, Samuel Thibault wrote:
> > > Due to network hickups, some of my mails couldn't go through TLS to my
> > > smarthost, and exim4 reverted to an unencrypted send:
> > > 
> > > 2016-04-16 10:39:58 1arJcE-00020M-Cx H=sonata.ens-lyon.org 
> > > [140.77.166.138] TLS error on connection (gnutls_handshake): timed out
> > > 2016-04-16 10:39:58 1arJcE-00020M-Cx TLS session failure: delivering 
> > > unencrypted to sonata.ens-lyon.org [140.77.166.138] (not in 
> > > hosts_require_tls)
> > > 
> > > But this got rejected by the smarthost:
> > > 
> > > 2016-04-16 10:40:06 1arJcE-00020M-Cx ** [email protected] R=smarthost 
> > > T=remote_smtp_smarthost H=sonata.ens-lyon.org [140.77.166.138]: SMTP 
> > > error from remote mail server after MAIL 
> > > FROM:<[email protected]> SIZE=1944: 530 5.7.0 Must issue a 
> > > STARTTLS command first
> > 
> > Ouch. The smarthost sohuldn't advertise AUTH capabilities before
> > STARTTLS if it doesn't want to authenticate in clear text.
> 
> Well, no, it doesn't:
> 
> brl$ telnet smtp.ens-lyon.org 587
> Trying 140.77.166.138...
> Connected to sonata.ens-lyon.org.
> Escape character is '^]'.
> 220 sonata.ens-lyon.org ESMTP Postfix (Debian/GNU)
> ehlo brl.thefreecat.org     
> 250-sonata.ens-lyon.org
> 250-PIPELINING
> 250-SIZE 51200000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> auth
> 530 5.7.0 Must issue a STARTTLS command first

Ah. Exim shouldnt try authenticating then. But the Postfix there gives
the same answer to a MAIL FROM, which is probably the case here.

The workaround given in my first question would still be valid though.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

Reply via email to