On Thu, 2 Aug 2001, Todd Jagger wrote:
> First, I want to say Philip, you've really done a fantastic job with
> the Exim book. Most O'Reilly books are quite good but this is one of
> the best for usefulness, clarity and readability. Thanks!
Thank you. I can assure you that there were times when I nearly gave up,
so it's nice to know that I've got it right for some people at least.
> SMTP<< 250-mail.icehouse.net
> 250-PIPELINING
> 250-STARTTLS
> 250-SIZE 0
> 250 8BITMIME
> host in ? no (option unset)
> SMTP>> STARTTLS
> read response data: size=57
> SMTP<< 454 TLS not available: missing RSA private key (#4.3.0)
> ok=0 send_quit=1 send_rset=1 continue_more=0 yield=1
> first_address=541008
> SMTP>> QUIT
The server offers TLS connections; therefore Exim tries to start a TLS
session; the host gives a temporary error (454); Exim goes away, to try
again later. Had it been a permanent error (5xx), Exim would have tried
to deliver the mail unencrypted (unless the host was in
hosts_require_tls in the smtp transport).
> Okay, although I built in TLS support for exim and have generated a
> key, I've not set anything up for TLS on our side; nothing is being
> advertised or broadcast.
There's no need. As a client, Exim will automatically try to use TLS if
the server offers it.
But you can turn this off for specific hosts by setting hosts_avoid_tls
(in the smtp transport). That option was created specifically for the
case of broken servers like the one you are dealing with.
Philip
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
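
Added example (not part of the original message and not Exim source code): a small Python model of the client-side STARTTLS decision described in the reply above, run against the EHLO and 454 lines from the quoted debug output. The function names, the outcome strings and the exact-name host matching are assumptions made for this illustration.

```python
# Added illustration, not Exim source: a simplified model of the client-side
# STARTTLS decision described in the reply above.

# EHLO reply and STARTTLS reply taken from the debug output quoted above.
EHLO = ["250-mail.icehouse.net", "250-PIPELINING", "250-STARTTLS",
        "250-SIZE 0", "250 8BITMIME"]
REPLY_454 = "454 TLS not available: missing RSA private key (#4.3.0)"


def parse_ehlo(lines):
    """Return the extension keywords advertised in a multi-line 250 reply."""
    keywords = set()
    for i, line in enumerate(lines):
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        rest = line[4:].split()
        if i > 0 and rest:  # line 0 is the server's domain, not an extension
            keywords.add(rest[0].upper())
    return keywords


def tls_decision(host, ehlo_lines, starttls_reply=None,
                 hosts_avoid_tls=(), hosts_require_tls=()):
    """Model one delivery attempt to `host`.

    Host lists are matched by exact name (an assumption; real Exim host
    lists are richer). Returns "encrypt", "cleartext", "retry_later" or
    "no_cleartext"; the last only records that nothing is sent unencrypted.
    """
    required = host in hosts_require_tls
    if host in hosts_avoid_tls:
        return "cleartext"        # STARTTLS is never attempted for this host
    if "STARTTLS" not in parse_ehlo(ehlo_lines):
        # Assumption: a host that requires TLS gets no cleartext fallback.
        return "no_cleartext" if required else "cleartext"
    code = (starttls_reply or "")[:1]
    if code == "2":
        return "encrypt"          # server accepted STARTTLS
    if code == "4":
        return "retry_later"      # temporary error (454): try again later
    if code == "5":
        # Permanent error: fall back unless the host is in hosts_require_tls.
        return "no_cleartext" if required else "cleartext"
    raise ValueError(f"unexpected STARTTLS reply: {starttls_reply!r}")
```

The 454 case is the one in the quoted log: the message is queued for a later attempt until the server is fixed or the host is listed in hosts_avoid_tls.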