Re: [Exim] TLS errors from remote host

Author: Philip Hazel
Date:  
To: Todd Jagger
CC: exim-users
Subject: Re: [Exim] TLS errors from remote host
On Thu, 2 Aug 2001, Todd Jagger wrote:

> First, I want to say Philip, you've really done a fantastic job with
> the Exim book. Most O'Reilly books are quite good but this is one of
> the best for usefulness, clarity and readability. Thanks!


Thank you. I can assure you that there were times when I nearly gave up,
so it's nice to know that I've got it right for some people at least.

>    SMTP<< 250-mail.icehouse.net
>           250-PIPELINING
>           250-STARTTLS
>           250-SIZE 0
>           250 8BITMIME
> host in ? no (option unset)
>    SMTP>> STARTTLS
> read response data: size=57
>    SMTP<< 454 TLS not available: missing RSA private key (#4.3.0)
> ok=0 send_quit=1 send_rset=1 continue_more=0 yield=1
> first_address=541008
>    SMTP>> QUIT


The server offers TLS connections; therefore Exim tries to start a TLS
session; the host gives a temporary error (454); Exim goes away, to try
again later. Had it been a permanent error (5xx), Exim would have tried
to deliver the mail unencrypted (unless the host was in
hosts_require_tls in the smtp transport).

> Okay, although I built in TLS support for exim and have generated a
> key, I've not set anything up for TLS on our side; nothing is being
> advertised or broadcast.


There's no need. As a client, Exim will automatically try to use TLS if
the server offers it.

But you can turn this off for specific hosts by setting hosts_avoid_tls
(in the smtp transport). That option was created specifically for the
case of broken servers like the one you are dealing with.

Philip

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
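
Added example, not part of the original message and not Exim source code: a small Python model of the client-side decision described above, fed with the EHLO reply and the 454 response from the quoted debug output. The function names and outcome labels are hypothetical, host lists are simplified to exact host names, and the outcome for a hosts_require_tls host that does not advertise STARTTLS is an assumption.

```python
# Added example: models the behaviour described in the message, not Exim's code.

# EHLO reply and STARTTLS response taken from the quoted debug output.
EHLO = ["250-mail.icehouse.net", "250-PIPELINING", "250-STARTTLS",
        "250-SIZE 0", "250 8BITMIME"]
REPLY_454 = "454 TLS not available: missing RSA private key (#4.3.0)"
REPLY_5XX = "501 constructed permanent error"   # constructed sample reply
REPLY_220 = "220 constructed go-ahead"          # constructed sample reply


def parse_ehlo(lines):
    """Return the extension keywords advertised in an EHLO reply.

    The first reply line carries the server's name, not an extension.
    """
    exts = set()
    for line in lines[1:]:
        line = line.strip()
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            continue
        words = line[4:].split()
        if words:
            exts.add(words[0].upper())
    return exts


def tls_decision(host, ehlo_lines, starttls_reply,
                 hosts_avoid_tls=(), hosts_require_tls=()):
    """Return 'start_tls', 'defer', 'cleartext' or 'no_cleartext'."""
    if host in hosts_avoid_tls:
        return "cleartext"        # STARTTLS is never sent to this host
    required = host in hosts_require_tls
    if "STARTTLS" not in parse_ehlo(ehlo_lines):
        # Assumption: a TLS-required host that offers no TLS gets no mail in clear.
        return "no_cleartext" if required else "cleartext"
    code = int(starttls_reply[:3])
    if 200 <= code < 300:
        return "start_tls"        # server accepted; TLS negotiation follows
    if 400 <= code < 500:
        return "defer"            # temporary error: go away, retry later
    # Permanent error: fall back to unencrypted delivery unless TLS is required.
    return "no_cleartext" if required else "cleartext"
```

With the values from the debug output, `tls_decision("mail.icehouse.net", EHLO, REPLY_454)` gives `defer`, and adding the host to `hosts_avoid_tls` gives `cleartext`.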