Re: [exim] smarthost relay problems

Etusivu
Poista viesti
Vastaa
Lähettäjä: Bill Hacker
Päiväys:  
Kopio: exim-users
Aihe: Re: [exim] smarthost relay problems
Rob Brenart wrote:

> Bill Hacker wrote:
>
>> Marc Sherman wrote:
>>
>>> Rob Brenart wrote:
>>>
>>>>
>>>> Thanks for the advice... it is a debian list, so I've asked on the
>>>> exim4 debian user's list and we'll see if I get any hits... in case
>>>> it matters though, I tried your command and received the
>>>> following... but no message delivered. However, I think I see the
>>>> problem, :25... I'm pretty sure I need to be coming in over 465 with
>>>> SSL... trying to find in the docs how to set this now
>>>
>>>
>>>
>>> Exim does not support tls-on-connect (port 465) as a client. You'll
>>> have to use stunnel or something.
>>>
>>> - Marc
>>
>>
>> AFAIK Exim supports tls_on_connect on any port you specify. RTFM.
>>
>> In addition to a menagerie of non-standard ports, I was even trialing
>> it on port 80 a few days ago.
>>
>> Gets around firewalls quite nicely, but throws some weird log entries
>> when search-bots try to crawl a non-existent webpage...
>>
>> ;-)
>>
>> Bill Hacker
>>
>>
> I did RTFM and it claimed it would all "just work", it doesn't... and I
> can't seem to find an entry about how to make it try port 465 instead of 25
>


There is a simpler way to annotate it, but this should cover it all:
=============================================

local_interfaces = <your first IP> : <your next IP>

# Defaults to all if not mentioned.

daemon_smtp_ports = 25 : <second port>: <third port>: <fourth port> :
465 :<fifth port>

# defaults to 25 if not mentioned

tls_on_connect_ports = 465 : <next port>    (( those ones will work the 
old SSL protocol))


#defaults to none, AFAIK, but runs TLS on all.
#Note that there is no colon after the last entry.

tls_certificate = /usr/local/etc/exim/certs/<your cert filename>
#You did generate & install a cert?

tls_advertise_hosts = *

tls_remember_esmtp = yes

# These to get esmtps // esmtpsa TLS end-to-end with hosts that grok it

auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
# there are variations on this

===============================================

But Mark's point still applies to MUA's (e-mail clients).

- Not all will allow selection of the port you want.

- Many will not allow selection between TLS, and TLS-on-connect,
(which is a new name for the older SSL protocol).

You also need to sort the issue of authentication credentials as to
PLAIN, LOGIN, CRAMD5, SASSL, PEM

- Not all MUA's allow all choices - some make assumptions.

Mozilla Suite mailer is one that will do. There are many others.

HTH,

Bill