On 8. januára 2025 9:41:41 UTC, Gandalf Corvotempesta via Exim-users <[email protected]> wrote: >Il giorno mar 7 gen 2025 alle ore 15:58 Andrew C Aitchison
>Tried with "*", the ip, the hostname and so on, it's always ignored I afraid, that IP will not work, the "*" is not good to use, but can be really good while investigating the problem. It is not tried for hostname you configured for smarthost, but by name of its IP (PTR name, or even name from cert?), for smarthost they can differ. Thus you have to carefully inspect, which name your smarthost reports/use. The second problem can be, as stated in subject, invalid certficate. AFAIK Debian's smarthost transport doesn't verify it (by default), and thus it can be happy with self-signed and/or not matching CN/SAN (i am not sure with expired now), but cert still can be invalid for underlying TLS library (GnuTLS in Debian) for some reason. And if TLS fails, the smarthost can not advertise AUTH over plain connection, thus no AUTH attempts... I would test with gnutls-cli (or openssl s_client) to check, if (START)TLS can be established over destination port. You can stop exim's system service and run it from shell in foreground with appropriate debug options, and then watch what happens on delivery attempts. IMO you will get better help by providing smarthost's real DNS name (and port), if it is public available. regards -- Slavko https://www.slavino.sk/ -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## [email protected] ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
