Re: [exim] Re (2): Re (2): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.

2023-04-08 Thread Jeremy Harris via Exim-users

On 08/04/2023 23:35, Peter via Exim-users wrote:

> (1) The man page shows option -f without explanation.  How is it used?


It has no effect, though it is parsed and is not an error.

Despite the author's note on that manpage (at least in the Ubuntu
online one I found) the source must have been glanced at.  The actual
Exim documentation doesn't mention it.
 

> (2) Why split the database identifier into path and file?  Why not
> just the fully qualified name?  Eg.
>   exim_tidydb -t 1m /var/spool/exim4/db/retry


That's not a "file", it's a hints-database name.

It lets the utility Do The Right Thing when the database
is made of multiple files, or a file with some name depending
on, but not identical to, the name of the hints-db.
--
Cheers,
  Jeremy


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


[exim] Re (2): Re (2): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.

2023-04-08 Thread Peter via Exim-users

From:   Jeremy Harris via Exim-users 
Date:   Sat, 8 Apr 2023 19:58:34 +0100

> ... or you could just wipe the hints database.


After reading the output of "man exim_tidydb" I checked this.
$ ls -d /var/spool/exim4/db/*
/var/spool/exim4/db/retry
/var/spool/exim4/db/retry.lockfile
/var/spool/exim4/db/wait-remote_smtp_smarthost
/var/spool/exim4/db/wait-remote_smtp_smarthost.lockfile

Therefore I should try this.
$ exim_tidydb -t 1m /var/spool/exim4 retry

Two incidental questions.
(1) The man page shows option -f without explanation.  How is it used?

(2) Why split the database identifier into path and file?  Why not
just the fully qualified name?  Eg.
 exim_tidydb -t 1m /var/spool/exim4/db/retry

Might continue tomorrow or later.

Thanks for the help,   ... P.



Re: [exim] Re (2): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.

2023-04-08 Thread Jeremy Harris via Exim-users

On 08/04/2023 19:16, Peter via Exim-users wrote:

> Appears the log I have now is complete; the last line has "terminating
> with rc=0".  Rather than clutter the mailing list with mostly
> insignificant data I put it here. http://easthope.ca/eximdebug.txt


Somewhere along the way the UTF-8 in that got mangled...

But here:

19:37:10  5273   ** pe...@easthope.ca R=smarthost T=remote_smtp_smarthost: all 
hosts for 'easthope.ca' have been failing for a long time (and retry time not 
reached)

"retry time not reached" is the relevant bit.  Exim is holding off for a bit
from trying to connect to a host it has recorded as failing.
It'll try again eventually (assuming you have periodic queue runs) -
or you could just wipe the hints database.


(and that line was being sent to your main log, as well as debug output)
--
Cheers,
  Jeremy




[exim] Re (2): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.

2023-04-08 Thread Peter via Exim-users

Andrew, thanks for replying.

From:   Andrew C Aitchison 
Date:   Thu, 6 Apr 2023 22:53:30 +0100 (BST)

> Ah. I have finally got my head around what you are attempting to do.


If not told otherwise, I'd have thought the stated objective is
trivial. Relay a message.  TLS not required within localhost.  TLS
required between localhost and smarthost.  What could be simpler?
Dropping TLS is bad practice in contemporary conditions.


> If you need exim to send mail to port 465 on the "smarthost" you
> cannot just tell it to send the mail ... that would go to port 25 ...


$ grep 465 /etc/exim4/update-exim4.conf.conf
dc_smarthost='mail.easthope.ca::465'

25 # 465


> (and use starttls).


Opportunistic TLS (or STARTTLS) versus Implicit TLS (or TLS-on-connect)
has a history of confusion.  =8~/
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#cite_ref-tcp465_86-0
Even the use of multiple synonymous terms confuses novices.

Opportunistic TLS provides vulnerability.
https://en.wikipedia.org/wiki/Opportunistic_TLS#Weaknesses_and_mitigations

Phasing out of vulnerability and facilitation of security are good
practices.  =8~)

Appears the log I have now is complete; the last line has "terminating
with rc=0".  Rather than clutter the mailing list with mostly
insignificant data I put it here. http://easthope.ca/eximdebug.txt
If wanted in the mailing list, let me know.


> You need exim to pretend to be an MUA/MSA.


?  A good MUA/MSA is here already.  It works when exim communicates to
smarthost port 587, STARTTLS.  My objective is a MTA described in
first lines above.


> ... I'm sending this now, while I reread the spec and consider how it
> might be done, ...


Thanks.


> ... my first thought is that you need a transport especially for
> this host ...


With very limited knowledge, creation of a transport is a formidable
challenge.  =8~/


> ... with options to force the connection to port 465 and
>  tls-on-connect.


Yes for exim to smarthost.  MUA/MSA to exim is unencrypted, port 25.

Thanks, ... P.

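The transport Andrew describes above (force port 465, TLS on connect), written out as an added example; this is not configuration from the thread, from Andrew, or from the Debian exim4 package. It assumes a hand-maintained Exim configure file rather than the Debian dc_* scheme, and that the standard domainlist local_domains is defined; the router and transport names (smarthost_implicit_tls, remote_smtps) are this example's own, while the smarthost name mail.easthope.ca and port 465 come from the thread.

```exim
# Added example, not from the thread: route all non-local mail to the
# smarthost and deliver it over SMTPS (TLS immediately on connect) on 465.
# Router and transport names are this example's own choices.

smarthost_implicit_tls:
  driver = manualroute
  # local_domains is assumed to be the usual domainlist from the default config
  domains = ! +local_domains
  route_list = * mail.easthope.ca
  transport = remote_smtps
  no_more

remote_smtps:
  driver = smtp
  port = 465
  # "smtps" makes Exim start the TLS handshake on connect instead of
  # sending STARTTLS after the banner
  protocol = smtps
  # Never fall back to cleartext if TLS cannot be negotiated
  hosts_require_tls = *
  # Verify the smarthost certificate against the system CA store and
  # fail the delivery (rather than just logging) if it does not verify
  tls_verify_certificates = system
  tls_verify_hosts = *
```

Two of these lines carry the security weight. `hosts_require_tls = *` is what removes the cleartext fallback behind the opportunistic-TLS weaknesses Peter links to; without it a failed handshake can end in an unencrypted session. `tls_verify_hosts = *` turns certificate verification into a hard requirement, whereas Exim's default on the client side only tries to verify and delivers anyway. Note also that a message already deferred with "retry time not reached" stays on hold after the transport change until the retry hints expire or are cleared, which is the exim_tidydb step discussed earlier in the thread.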