On Thu, 2019-11-28 at 14:00 +0000, Andrew C Aitchison via Exim-users wrote: > On Thu, 28 Nov 2019, Gary Dale via Exim-users wrote: [...] > > It looks like the remote smarthost thinks I'm not using TLS. > > No. TLS is about encryption. The 1iaJ5F-00053v-JS log says that the > remote smarthost thinks you are not *authenticating* (which should, > but may or may not be, encrytped).
Given the configuration in the original mail, this is likely due to the fact that mail.rossland.dental is a CNAME, and reverse DNS for the eventual target resolves to "web152.dnchosting.com". Debian's Exim packaging describes the use of the passwd.client file in exim4-config-files(5), which in part says (with apologies for the longish quote): <quote> Please note that target.mail.server.example is currently the value that exim can read from reverse DNS: It first follows the host name of the target system until it finds an IP address, and then looks up the reverse DNS for that IP address to use the outcome of this query (or the IP address itself should the query fail) as index into /etc/exim4/passwd.client. This goes inevitably wrong if the host name of the mail server is a CNAME (a DNS alias), or the reverse lookup does not fit the forward one. Currently, you need to manually lookup all reverse DNS names for all IP addresses that your SMTP server host name points to, for example by using the host command. You may minimize this trouble by using a wild card entry or regular expressions, thus reducing the risk of divulging the password to the wrong SMTP server while reducing the number of necessary lines. For a deeper discussion, see the Debian BTS #244724. </quote> Thus, the hostname in passwd.client wants to be web152.dnchosting.com, not mail.rossland.dental. (Or potentially a regex or wildcard if the "152" is expected to change.) Regards Adam -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/