Re: [Exim] TLS errors from remote host

Author: Todd Jagger
Date:  
To: exim-users
Subject: Re: [Exim] TLS errors from remote host
>
> >    SMTP<< 250-mail.icehouse.net
> >           250-PIPELINING
> >           250-STARTTLS
> >           250-SIZE 0
> >           250 8BITMIME
> > host in ? no (option unset)
> >    SMTP>> STARTTLS
> > read response data: size=57
> >    SMTP<< 454 TLS not available: missing RSA private key (#4.3.0)
> > ok=0 send_quit=1 send_rset=1 continue_more=0 yield=1
> > first_address=541008
> >    SMTP>> QUIT

>
>The server offers TLS connections; therefore Exim tries to start a TLS
>session; the host gives a temporary error (454); Exim goes away, to try
>again later. Had it been a permanent error (5xx), Exim would have tried
>to deliver the mail unencrypted (unless the host was in
>hosts_require_tls in the smtp transport).
>
> > Okay, although I built in TLS support for exim and have generated a
> > key, I've not set anything up for TLS on our side; nothing is being
> > advertised or broadcast.
>
>There's no need. As a client, Exim will automatically try to use TLS if
>the server offers it.
>
>But you can turn this off for specific hosts by setting hosts_avoid_tls
>(in the smtp transport). That option was created specifically for the
>case of broken servers like the one you are dealing with.



Thanks for the reply.

Okay so let me get this straight just so I know for future
reference.... Is the remote server the one without a certificate or
did I not generate and install the certificate correctly on my side for
Exim to use it as a client? Basically I just generated the key &
certificate according to the command line option in the book and then
told Exim where that was with the tls_certificate and the
tls_privatekey entries in configure.

I'll turn that off for this host but I just want to make sure I
understand what's going on so I might offer a suggestion to the other
postmaster.

Regards,
Todd
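
The client behaviour described in the quoted reply, as an added Python example that is not part of the original thread and is not Exim's own code. It parses the debug lines quoted in the message and models the outcome for each setting; the function names and the outcome labels ("tls", "defer", "cleartext", "no-cleartext") are assumptions made for illustration.

```python
import re

# Debug transcript lines as quoted in the message above.
SAMPLE = """\
   SMTP<< 250-mail.icehouse.net
          250-PIPELINING
          250-STARTTLS
          250-SIZE 0
          250 8BITMIME
   SMTP>> STARTTLS
   SMTP<< 454 TLS not available: missing RSA private key (#4.3.0)
   SMTP>> QUIT
"""

def parse(transcript):
    """Return (starttls_advertised, reply_code_to_STARTTLS_or_None)."""
    advertised, awaiting, code = False, False, None
    for raw in transcript.splitlines():
        text = raw.strip()
        if text.startswith("SMTP>>"):          # client command
            awaiting = text[6:].strip().upper() == "STARTTLS"
            continue
        m = re.match(r"(?:SMTP<<\s*)?(\d{3})[ -](.*)", text)
        if not m:                              # debug chatter, not an SMTP reply
            continue
        if awaiting and code is None:          # first reply after STARTTLS
            code = int(m.group(1))
        elif m.group(1) == "250" and m.group(2).strip().upper() == "STARTTLS":
            advertised = True                  # EHLO response offers STARTTLS
    return advertised, code

def client_action(advertised, code, host, avoid_tls=(), require_tls=()):
    """Outcome of one delivery attempt, following the rules in the reply."""
    if advertised and host not in avoid_tls and code is not None:
        if 200 <= code < 300:
            return "tls"                       # STARTTLS accepted
        if 400 <= code < 500:
            return "defer"                     # temporary error: retry later
    # STARTTLS not offered, skipped via hosts_avoid_tls, or refused with 5xx
    return "no-cleartext" if host in require_tls else "cleartext"

def needs_avoid_tls(transcript):
    """True for a server that offers STARTTLS and then rejects it with 4xx."""
    advertised, code = parse(transcript)
    return advertised and code is not None and 400 <= code < 500

if __name__ == "__main__":
    adv, code = parse(SAMPLE)
    print(adv, code, client_action(adv, code, "mail.icehouse.net"))
```

Listing a host in hosts_avoid_tls means mail to it is sent unencrypted, so the list is best kept to the specific hosts that show this 4xx-after-advertising pattern.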