Re: [exim] sending e-mail through a directnic server [RESOLVED]

2019-12-18 Thread Andrew McGlashan via Exim-users
Hi,

On 18/12/19 2:54 pm, Gary Dale via Exim-users wrote:
> I finally figured it out by checking an error message that I'm getting
> in the exim4 log lately. Apparently Exim4 keeps some files in
> /var/spool/exim4/db that were keeping e-mail from even attempting to be
> sent. Clearing the directory allowed mail to proceed.

Was it a problem with retry period not yet reached for the domain?

If you try to send emails repeatedly and they fail, then they are put
back in the queue to try again later -- if delivery problems arise, the
time before retrying is extended so that it doesn't keep trying to hit
the server that it couldn't send to again and again and again (too often).

That is... let's say the remote server had some problems, then your
server would retry, but give up and extend the retry period.


# cat /etc/exim4/conf.d/retry/30_exim4-config

### retry/30_exim4-config
#

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 6 hours until 4 days have passed since the first
# failed delivery.

# Please note that these rules only limit the frequency of retries, the
# effective retry-time depends on the frequency of queue-running, too.
# See QUEUEINTERVAL in /etc/default/exim4.

# Address or Domain    Error       Retries
# -----------------    -----       -------

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h



Kind Regards
AndrewM

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
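
The retry rule quoted in the message above, expanded into an actual schedule. This is an added example, not part of the original post and not Exim's own retry code: it is a simplified model that follows the rule as the config comment describes it. The function names and the 30-minute queue-run interval are assumptions made for illustration.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Retry column of the rule quoted in the message above.
RULE = "F,2h,15m; G,16h,1h,1.5; F,4d,6h"


def seconds(text):
    """Convert an Exim time value such as '15m' or '4d' to seconds."""
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw])", text))


def parse_rule(rule):
    """Return [(letter, cutoff_s, interval_s, factor_thousandths)] per step."""
    steps = []
    for part in rule.split(";"):
        fields = [f.strip() for f in part.split(",")]
        letter = fields[0]
        if letter not in ("F", "G"):
            raise ValueError("unsupported retry step: " + part.strip())
        factor = round(float(fields[3]) * 1000) if letter == "G" else 1000
        steps.append((letter, seconds(fields[1]), seconds(fields[2]), factor))
    return steps


def schedule(rule, queue_interval=0):
    """Retry times in seconds after the first failed delivery.

    Simplified model: the first step whose cutoff has not been reached picks
    the gap; with queue_interval set, a retry waits for the next queue run.
    """
    steps = parse_rule(rule)
    final_cutoff = steps[-1][1]
    now, last_gap, tries = 0, 0, []
    while True:
        step = next((s for s in steps if now < s[1]), None)
        if step is None:
            break
        letter, _cutoff, interval, factor = step
        if letter == "F":
            gap = interval                                    # fixed interval
        else:
            gap = max(interval, last_gap * factor // 1000)    # geometric growth
        due = now + gap
        if queue_interval:
            due = -(-due // queue_interval) * queue_interval  # round up to a run
        if due > final_cutoff:
            break
        tries.append(due)
        now, last_gap = due, gap
    return tries


def hours(times):
    """Format a list of second offsets as hours, for printing."""
    return ["%.2fh" % (t / 3600) for t in times]


if __name__ == "__main__":
    print("ideal:        ", hours(schedule(RULE))[:14])
    # 1800 s is an assumed value for QUEUEINTERVAL, used only for illustration.
    print("30m queue run:", hours(schedule(RULE, 1800))[:14])
```

With a 30-minute queue run the nominal 15-minute retries only happen every 30 minutes, which is the effect the config comment about QUEUEINTERVAL points at.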


Re: [exim] sending e-mail through a directnic server [RESOLVED]

2019-12-17 Thread Gary Dale via Exim-users

On 2019-11-28 1:59 p.m., Gary Dale via Exim-users wrote:
> On 2019-11-28 1:28 p.m., Adam D. Barratt wrote:
> > On Thu, 2019-11-28 at 14:00 +, Andrew C Aitchison via Exim-users
> > wrote:
> > > On Thu, 28 Nov 2019, Gary Dale via Exim-users wrote:
> > [...]
> > > > It looks like the remote smarthost thinks I'm not using TLS.
> > >
> > > No. TLS is about encryption. The 1iaJ5F-00053v-JS log says that the
> > > remote smarthost thinks you are not *authenticating* (which should,
> > > but may or may not be, encrypted).
> >
> > Given the configuration in the original mail, this is likely due to the
> > fact that mail.rossland.dental is a CNAME, and reverse DNS for the
> > eventual target resolves to "web152.dnchosting.com".
> >
> > Debian's Exim packaging describes the use of the passwd.client file in
> > exim4-config-files(5), which in part says (with apologies for the
> > longish quote):
> >
> > Please note that target.mail.server.example is currently the value
> > that exim can read from reverse DNS: It first follows the host name of
> > the target system until it finds an IP address, and then looks up the
> > reverse DNS for that IP address to use the outcome of this query (or
> > the IP address itself should the query fail) as index into
> > /etc/exim4/passwd.client.
> >
> > This goes inevitably wrong if the host name of the mail server is a
> > CNAME (a DNS alias), or the reverse lookup does not fit the forward
> > one.
> >
> > Currently, you need to manually lookup all reverse DNS names for all IP
> > addresses that your SMTP server host name points to, for example by
> > using the host command.
> >
> > You may minimize this trouble by using a wild card entry or
> > regular expressions, thus reducing the risk of divulging the password
> > to the wrong SMTP server while reducing the number of necessary
> > lines.  For a deeper discussion, see the Debian BTS #244724.
> >
> > Thus, the hostname in passwd.client wants to be web152.dnchosting.com,
> > not mail.rossland.dental. (Or potentially a regex or wildcard if the
> > "152" is expected to change.)
> >
> > Regards
> >
> > Adam
>
> I'm aware of that issue and therefore have my passwd.client file
> provide credentials for both *.dnchosting.com and *.rossland.dental.


I finally figured it out by checking an error message that I'm getting 
in the exim4 log lately. Apparently Exim4 keeps some files in 
/var/spool/exim4/db that were keeping e-mail from even attempting to be 
sent. Clearing the directory allowed mail to proceed.






Re: [exim] sending e-mail through a directnic server

2019-11-28 Thread Gary Dale via Exim-users



On 2019-11-28 1:28 p.m., Adam D. Barratt wrote:
> On Thu, 2019-11-28 at 14:00 +, Andrew C Aitchison via Exim-users
> wrote:
> > On Thu, 28 Nov 2019, Gary Dale via Exim-users wrote:
> [...]
> > > It looks like the remote smarthost thinks I'm not using TLS.
> >
> > No. TLS is about encryption. The 1iaJ5F-00053v-JS log says that the
> > remote smarthost thinks you are not *authenticating* (which should,
> > but may or may not be, encrypted).
>
> Given the configuration in the original mail, this is likely due to the
> fact that mail.rossland.dental is a CNAME, and reverse DNS for the
> eventual target resolves to "web152.dnchosting.com".
>
> Debian's Exim packaging describes the use of the passwd.client file in
> exim4-config-files(5), which in part says (with apologies for the
> longish quote):
>
> Please note that target.mail.server.example is currently the value
> that exim can read from reverse DNS: It first follows the host name of
> the target system until it finds an IP address, and then looks up the
> reverse DNS for that IP address to use the outcome of this query (or
> the IP address itself should the query fail) as index into
> /etc/exim4/passwd.client.
>
> This goes inevitably wrong if the host name of the mail server is a
> CNAME (a DNS alias), or the reverse lookup does not fit the forward
> one.
>
> Currently, you need to manually lookup all reverse DNS names for all IP
> addresses that your SMTP server host name points to, for example by
> using the host command.
>
> You may minimize this trouble by using a wild card entry or
> regular expressions, thus reducing the risk of divulging the password
> to the wrong SMTP server while reducing the number of necessary
> lines.  For a deeper discussion, see the Debian BTS #244724.
>
> Thus, the hostname in passwd.client wants to be web152.dnchosting.com,
> not mail.rossland.dental. (Or potentially a regex or wildcard if the
> "152" is expected to change.)
>
> Regards
>
> Adam

I'm aware of that issue and therefore have my passwd.client file provide
credentials for both *.dnchosting.com and *.rossland.dental.





Re: [exim] sending e-mail through a directnic server

2019-11-28 Thread Adam D. Barratt via Exim-users
On Thu, 2019-11-28 at 14:00 +, Andrew C Aitchison via Exim-users
wrote:
> On Thu, 28 Nov 2019, Gary Dale via Exim-users wrote:
[...]
> > It looks like the remote smarthost thinks I'm not using TLS.
> 
> No. TLS is about encryption. The 1iaJ5F-00053v-JS log says that the
> remote smarthost thinks you are not *authenticating* (which should,
> but may or may not be, encrypted).

Given the configuration in the original mail, this is likely due to the
fact that mail.rossland.dental is a CNAME, and reverse DNS for the
eventual target resolves to "web152.dnchosting.com".

Debian's Exim packaging describes the use of the passwd.client file in
exim4-config-files(5), which in part says (with apologies for the
longish quote):


Please note that target.mail.server.example is currently the value
that exim can read from reverse DNS: It first follows the host name of
the target system until it finds an IP address, and then looks up the
reverse DNS for that IP address to use the outcome of this query (or
the IP address itself should the query fail) as index into
/etc/exim4/passwd.client.

This goes inevitably wrong if the host name of the mail server is a
CNAME (a DNS alias), or the reverse lookup does not fit the forward
one.

Currently, you need to manually lookup all reverse DNS names for all IP
addresses that your SMTP server host name points to, for example by
using the host command.

You may minimize this trouble by using a wild card entry or
regular expressions, thus reducing the risk of divulging the password
to the wrong SMTP server while reducing the number of necessary
lines.  For a deeper discussion, see the Debian BTS #244724.


Thus, the hostname in passwd.client wants to be web152.dnchosting.com,
not mail.rossland.dental. (Or potentially a regex or wildcard if the
"152" is expected to change.)

Regards

Adam
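
The passwd.client lookup described in the man page quote above, as an added example that is not part of the original message or of Debian's packaging. It assumes the file is searched first-match-wins, with a leading `*` meaning "ends with" and a leading `^` meaning a regular expression; the function names are hypothetical, the sample file is constructed, and its logins and passwords are placeholders.

```python
import re
import socket

# Constructed sample in passwd.client format (host-pattern:login:password).
SAMPLE_PASSWD_CLIENT = """\
# comment lines and blank lines are ignored
mail.rossland.dental:USER_PLACEHOLDER:PASSWORD_PLACEHOLDER
*.dnchosting.com:USER_PLACEHOLDER:PASSWORD_PLACEHOLDER
"""


def parse_passwd_client(text):
    """Return [(pattern, login)] in file order; passwords are dropped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, login, _password = line.split(":", 2)
        entries.append((pattern, login))
    return entries


def pattern_matches(pattern, host):
    """Assumed matching rules: '^' regex, '*' suffix, otherwise literal."""
    host = host.lower()
    if pattern.startswith("^"):
        return re.search(pattern, host, re.IGNORECASE) is not None
    if pattern.startswith("*"):
        return host.endswith(pattern[1:].lower())
    return host == pattern.lower()


def first_match(entries, host):
    """Pattern of the first entry that matches host, or None."""
    for pattern, _login in entries:
        if pattern_matches(pattern, host):
            return pattern
    return None


def reverse_names(smarthost):
    """Lookup keys for a smarthost: PTR name of each address, else the IP.

    Performs live DNS queries, so it is not called by the checks below.
    """
    keys = set()
    for info in socket.getaddrinfo(smarthost, None, proto=socket.IPPROTO_TCP):
        ip = info[4][0]
        try:
            keys.add(socket.gethostbyaddr(ip)[0])
        except OSError:
            keys.add(ip)  # the man page: the IP itself is used if the query fails
    return sorted(keys)


def audit(entries, keys):
    """Map each lookup key to the pattern that would supply credentials."""
    return {key: first_match(entries, key) for key in keys}


def is_catch_all(pattern):
    """True if the pattern would hand the password to an unrelated server."""
    return pattern_matches(pattern, "unrelated-host.invalid")


if __name__ == "__main__":
    entries = parse_passwd_client(SAMPLE_PASSWD_CLIENT)
    # Reverse-DNS name taken from the message above.
    print(audit(entries, ["web152.dnchosting.com"]))
    print([p for p, _ in entries if is_catch_all(p)])
```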




Re: [exim] sending e-mail through a directnic server

2019-11-28 Thread Andrew C Aitchison via Exim-users

On Thu, 28 Nov 2019, Gary Dale via Exim-users wrote:


> On 2019-11-28 2:40 a.m., Graeme Fowler via Exim-users wrote:
> > On 27 Nov 2019, at 20:44, Gary Dale via Exim-users wrote:
> > > The test message sent by swaks (in the testing section of the howto) again
> > > simply sits in the mailq.
> >
> > I know this should be a *really* obvious question, but…
> >
> > What do the logs say for each attempt to deliver the message? Are there any
> > attempts to deliver?
> >
> > Graeme
>
> Apart from lots of "frozen" messages, I found this and some similar entries:

If you run something like:
   exigrep dental logfile
you will get your log sorted by message, which may make things clearer.

> removing the dentaloffice from the domain name, which is how I used to have
> it before going through the smtps howto, and sending a new message to
> garyd...@rogers.com, I got this:


[ Reformatted by AA using grepmail. Has long lines. ]
2019-11-28 07:39:45 1iaJ5F-00053v-JS <= root@rossland.dental U=root P=local 
S=791
2019-11-28 07:39:46 1iaJ5F-00053v-JS ** garyd...@rogers.com R=smarthost T=remote_smtp_smarthost H=rossland.dental [104.171.30.152] X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no DN="C=US,postalCode=70002,ST=Louisiana,L=Metaire,street=3500 N. Causeway Blvd Suite 160,O=DNC Holdings Inc.,OU=Support,OU=Hosted by DNC Holdings\, Inc.,OU=PremiumSSL Wildcard,CN=*.dnchosting.com": SMTP error from remote 
mail server after RCPT TO:: 550-Please turn on SMTP Authentication in your mail client.\n550-cpe0018e7d3134a-cm00195ed9bd6e.cpe.net.cable.rogers.com\n550-(molar.dentaloffice.rossland.dental) 
[99.248.179.149]:51442 is not\n550 permitted to relay through this server without authentication.

2019-11-28 07:39:46 1iaJ5F-00053v-JS Completed

+++ 1iaJ5G-00053y-5k has not completed +++
2019-11-28 07:39:46 1iaJ5G-00053y-5k <= <> R=1iaJ5F-00053v-JS U=Debian-exim 
P=local S=2748
2019-11-28 07:39:52 1iaJ5G-00053y-5k ** root@rossland.dental R=smarthost 
T=remote_smtp_smarthost H=rossland.dental [104.171.30.152] 
X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no 
DN="C=US,postalCode=70002,ST=Louisiana,L=Metaire,street=3500 N. Causeway Blvd Suite 
160,O=DNC Holdings Inc.,OU=Support,OU=Hosted by DNC Holdings\, Inc.,OU=PremiumSSL 
Wildcard,CN=*.dnchosting.com": SMTP error from remote mail server after end of data: 
550 This message was classified as SPAM and may not be delivered
2019-11-28 07:39:52 1iaJ5G-00053y-5k Frozen (delivery error message)



> It looks like the remote smarthost thinks I'm not using TLS.

No. TLS is about encryption. The 1iaJ5F-00053v-JS log says that the remote
smarthost thinks you are not *authenticating* (which should, but may or
may not be, encrypted).


--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk




Re: [exim] sending e-mail through a directnic server

2019-11-28 Thread Gary Dale via Exim-users

On 2019-11-28 2:40 a.m., Graeme Fowler via Exim-users wrote:
> On 27 Nov 2019, at 20:44, Gary Dale via Exim-users wrote:
> > The test message sent by swaks (in the testing section of the howto) again
> > simply sits in the mailq.
>
> I know this should be a *really* obvious question, but…
>
> What do the logs say for each attempt to deliver the message? Are there any
> attempts to deliver?
>
> Graeme



Apart from lots of "frozen" messages, I found this and some similar entries:

2019-11-28 06:03:25 1iaHa1-0004fp-1B <= sendmail@rossland.dental U=root 
P=local S=1519775
2019-11-28 06:03:25 1iaHa1-0004fr-2V <= 
root@molar.dentaloffice.rossland.dental U=root P=local S=990
2019-11-28 06:03:25 1iaHa1-0004fr-2V => garydale 
 R=local_user T=mail_spool

2019-11-28 06:03:25 1iaHa1-0004fr-2V Completed
2019-11-28 06:03:25 1iaHa1-0004fp-1B ** g...@extremeground.com 
R=smarthost T=remote_smtp_smarthost H=rossland.dental [104.171.30.152] 
X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no 
DN="C=US,postalCode=70002,ST=Louisiana,L=Metaire,street=3500 N. Causeway 
Blvd Suite 160,O=DNC Holdings Inc.,OU=Support,OU=Hosted by DNC 
Holdings\, Inc.,OU=PremiumSSL Wildcard,CN=*.dnchosting.com": SMTP error 
from remote mail server after RCPT TO:: 
550-Please turn on SMTP Authentication in your mail 
client.\n550-cpe0018e7d3134a-cm00195ed9bd6e.cpe.net.cable.rogers.com\n550-(molar.dentaloffice.rossland.dental) 
[99.248.179.149]:51432 is not\n550 permitted to relay through this 
server without authentication.
2019-11-28 06:03:25 1iaHa1-0004fv-Nz <= <> R=1iaHa1-0004fp-1B 
U=Debian-exim P=local S=2586

2019-11-28 06:03:25 1iaHa1-0004fp-1B Completed
2019-11-28 06:03:32 1iaHa1-0004fv-Nz => sendmail@rossland.dental 
R=smarthost T=remote_smtp_smarthost H=rossland.dental [104.171.30.152] 
X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no 
DN="C=US,postalCode=70002,ST=Louisiana,L=Metaire,street=3500 N. Causeway 
Blvd Suite 160,O=DNC Holdings Inc.,OU=Support,OU=Hosted by DNC 
Holdings\, Inc.,OU=PremiumSSL Wildcard,CN=*.dnchosting.com" C="250 OK 
id=1iaHa2-002Av7-26"


which I find rather baffling. A later group of messages is equally puzzling:

2019-11-28 06:39:36 1iZZ2d-0005S6-MV Unfrozen by errmsg timer
2019-11-28 06:39:42 1iZZ2d-0005S6-MV ** root@rossland.dental R=smarthost 
T=remote_smtp_smarthost H=rossland.dental [104.171.30.152] 
X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no 
DN="C=US,postalCode=70002,ST=Louisiana,L=Metaire,street=3500 N. Causeway 
Blvd Suite 160,O=DNC Holdings Inc.,OU=Support,OU=Hosted by DNC 
Holdings\, Inc.,OU=PremiumSSL Wildcard,CN=*.dnchosting.com": SMTP error 
from remote mail server after end of data: 550 This message was 
classified as SPAM and may not be delivered

2019-11-28 06:39:42 1iZZ2d-0005S6-MV root@rossland.dental: error ignored
2019-11-28 06:39:42 1iZZ2d-0005S6-MV Completed


Removing the dentaloffice from the domain name, which is how I used to
have it before going through the smtps howto, and sending a new message
to garyd...@rogers.com, I got this:


2019-11-28 07:39:45 1iaJ5F-00053v-JS <= root@rossland.dental U=root 
P=local S=791
2019-11-28 07:39:46 1iaJ5F-00053v-JS ** garyd...@rogers.com R=smarthost 
T=remote_smtp_smarthost H=rossland.dental [104.171.30.152] 
X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no 
DN="C=US,postalCode=70002,ST=Louisiana,L=Metaire,street=3500 N. Causeway 
Blvd Suite 160,O=DNC Holdings Inc.,OU=Support,OU=Hosted by DNC 
Holdings\, Inc.,OU=PremiumSSL Wildcard,CN=*.dnchosting.com": SMTP error 
from remote mail server after RCPT TO:: 550-Please 
turn on SMTP Authentication in your mail 
client.\n550-cpe0018e7d3134a-cm00195ed9bd6e.cpe.net.cable.rogers.com\n550-(molar.dentaloffice.rossland.dental) 
[99.248.179.149]:51442 is not\n550 permitted to relay through this 
server without authentication.
2019-11-28 07:39:46 1iaJ5G-00053y-5k <= <> R=1iaJ5F-00053v-JS 
U=Debian-exim P=local S=2748

2019-11-28 07:39:46 1iaJ5F-00053v-JS Completed
2019-11-28 07:39:52 1iaJ5G-00053y-5k ** root@rossland.dental R=smarthost 
T=remote_smtp_smarthost H=rossland.dental [104.171.30.152] 
X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no 
DN="C=US,postalCode=70002,ST=Louisiana,L=Metaire,street=3500 N. Causeway 
Blvd Suite 160,O=DNC Holdings Inc.,OU=Support,OU=Hosted by DNC 
Holdings\, Inc.,OU=PremiumSSL Wildcard,CN=*.dnchosting.com": SMTP error 
from remote mail server after end of data: 550 This message was 
classified as SPAM and may not be delivered

2019-11-28 07:39:52 1iaJ5G-00053y-5k Frozen (delivery error message)


It looks like the remote smarthost thinks I'm not using TLS.




Re: [exim] sending e-mail through a directnic server

2019-11-27 Thread Graeme Fowler via Exim-users
On 27 Nov 2019, at 20:44, Gary Dale via Exim-users  wrote:
> The test message sent by swaks (in the testing section of the howto) again 
> simply sits in the mailq.

I know this should be a *really* obvious question, but…

What do the logs say for each attempt to deliver the message? Are there any 
attempts to deliver?

Graeme


Re: [exim] sending e-mail through a directnic server

2019-11-27 Thread Gary Dale via Exim-users

On 2019-11-27 10:04 a.m., Heiko Schlittermann via Exim-users wrote:
> Hi,
>
> Gary Dale via Exim-users (Mi 27 Nov 2019 10:21:18 CST):
> > mail from: sendmail@rossland.dental
> > 250 OK
> > rcpt to: sendmail@rossland.dental
> > 250 Accepted
> > data
> > 354 Enter message, ending with "." on a line by itself
> > from: sendmail@rossland.dental
> > to: g...@extremeground.com, garyd...@rogers.com
> > Date: 26 Nov 2019 20:59:00 -0500
> > subject: test message from s_client with 2 recipients
> > another test message - with a date possibly.
> > .
> > 250 OK id=1iZmbP-005vB9-E0
> > DONE
> >
> > The mail doesn't get to either "to:" address but does show up in the "rcpt
> > to:" inbox.
>
> Yes, it is exactly as mail is supposed to work. The SMTP RCPT TO is the
> address, the mail system will deliver the message to (call it the
> "envelope"). The To: line is part of the message, a mail system should
> not care about the message (to a limited extent).
>
> > From the above, I gather that I have the correct names, ports and
> > credentials. However I'm not able to send mail. It just sits in my server's
> > mailq.
>
> I do not understand. Above you stated, the mail shows up in the rcpt
> to's inbox (the envelope recipient's inbox). Now you're telling us, that
> it sits in the queue. I'm lost.

Different servers. When I use s_client to connect to the remote server,
I get mail. When I send it from my local exim4 server, I don't.

> > Here's my update-exim4.conf.conf file.
> >
> > dc_eximconfig_configtype='smarthost'
> > dc_other_hostnames='molar.rossland.dental'
> > dc_local_interfaces='127.0.0.1 ; ::1'
> > dc_readhost=''
> > dc_relay_domains=''
> > dc_minimaldns='false'
> > dc_relay_nets=''
> > dc_smarthost='mail.rossland.dental::465'
> > CFILEMODE='644'
> > dc_use_split_config='false'
> > dc_hide_mailname='false'
> > dc_mailname_in_oh='true'
> > dc_localdelivery='mail_spool'
>
> I'm not sure, if Exim is meanwhile able to use SMTPS (TLS-on-connect) as
> a client. As a server, it does, but as a client?
>
> Ah, the spec tells me, it does. There is a SMTP transport option
> "protocol", it may be set to "smtps".
>
> So, you'll need to fiddle with your configuration (or with the Debian
> provided config files) to use the "protocol" option. Or - try if
> molar.rossland.dental allow submission on port 587.


I had thought that was required only if the "Connection security" (to
use Thunderbird's terminology) was STARTTLS. However I followed the
instructions at
https://dantalion.nl/en/configure-exim4-smtp-relay-to-use-tls-on-connect/
to set up smtps but that failed also. The test message sent by swaks (in
the testing section of the howto) again simply sits in the mailq.


I followed the instructions exactly, which apart from the config 
settings, also requires setting the .template file to include a couple 
of lines as follows:


remote_smtp_smarthost:
  debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
  driver = smtp
  hosts_require_tls = mail.rossland.dental
  protocol = smtps
  multi_domain

Still no joy in Mudville.



Re: [exim] sending e-mail through a directnic server

2019-11-27 Thread Heiko Schlittermann via Exim-users
Hi,

Gary Dale via Exim-users  (Mi 27 Nov 2019 10:21:18 CST):
> mail from: sendmail@rossland.dental
> 250 OK
> rcpt to: sendmail@rossland.dental
> 250 Accepted
> data
> 354 Enter message, ending with "." on a line by itself
> from: sendmail@rossland.dental
> to: g...@extremeground.com, garyd...@rogers.com
> Date: 26 Nov 2019 20:59:00 -0500
> subject: test message from s_client with 2 recipients
> another test message - with a date possibly.
> .
> 250 OK id=1iZmbP-005vB9-E0
> DONE
>
> The mail doesn't get to either "to:" address but does show up in the "rcpt
> to:" inbox.

Yes, it is exactly as mail is supposed to work. The SMTP RCPT TO is the
address, the mail system will deliver the message to (call it the
"envelope"). The To: line is part of the message, a mail system should
not care about the message (to a limited extent).

> From the above, I gather that I have the correct names, ports and
> credentials. However I'm not able to send mail. It just sits in my server's
> mailq.

I do not understand. Above you stated, the mail shows up in the rcpt
to's inbox (the envelope recipient's inbox). Now you're telling us, that
it sits in the queue. I'm lost.

> Here's my update-exim4.conf.conf file.
>
> dc_eximconfig_configtype='smarthost'
> dc_other_hostnames='molar.rossland.dental'
> dc_local_interfaces='127.0.0.1 ; ::1'
> dc_readhost=''
> dc_relay_domains=''
> dc_minimaldns='false'
> dc_relay_nets=''
> dc_smarthost='mail.rossland.dental::465'
> CFILEMODE='644'
> dc_use_split_config='false'
> dc_hide_mailname='false'
> dc_mailname_in_oh='true'
> dc_localdelivery='mail_spool'

I'm not sure, if Exim is meanwhile able to use SMTPS (TLS-on-connect) as
a client. As a server, it does, but as a client?

Ah, the spec tells me, it does. There is a SMTP transport option
"protocol", it may be set to "smtps".

So, you'll need to fiddle with your configuration (or with the Debian
provided config files) to use the "protocol" option. Or - try if
molar.rossland.dental allow submission on port 587.

Best regards
Heiko Schlittermann
--
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01  -

