Re: [exim] [Exim] Exim4 trying to talk to GMAIL

Author: Phil Pennock
Date:  
To: Mark Fletcher
CC: exim-users
Subject: Re: [exim] [Exim] Exim4 trying to talk to GMAIL
On 2007-11-08 at 00:52 +0900, Mark Fletcher wrote:
> I'm having problems getting exim 4.63 to talk to Gmail. What I have done
> is set up Exim4 on my Debian GNU/Linux laptop to use smtp.gmail.com as a
> smarthost for sending email. This is to avoid narking off my ISP by
> trying to send out mail directly from my own machine... ;-)


You probably also want to try port 587 to avoid hitting any port 25
restrictions imposed by your ISP.

I can confirm success using TLS and authentication to talk to Gmail. My
configuration is rather more complex than needed though, as it handles
multiple smarthosts for this laptop driven by a pair of external config
files and it's not really helpful for you (beyond saying use SASL PLAIN
(or the LOGIN gunk) authentication once you're past the TLS hurdle, and
be aware that no matter what you put in the SMTP Envelope Sender, Gmail
will replace it with the email address that you authenticated with).

> 2007-11-07 23:05:02 1IplWg-0002Qp-Uo <= mark@satellite U=mark P=local
> S=370
> 2007-11-07 23:06:44 1IplWg-0002Qp-Uo TLS error on connection to
> gmail-smtp.l.google.com [64.233.179.109] (SSL_connect):
> error:00000000:lib(0):func(0):reason(0)
> 2007-11-07 23:06:44 1IplWg-0002Qp-Uo TLS session failure: delivering
> unencrypted to gmail-smtp.l.google.com [64.233.179.109] (not in
> hosts_require_tls)


You can stop the rest of the output by using hosts_require_tls for
gmail.

hosts_require_tls = *.google.com

> Now that actually has got me thinking -- is exim4 trying to do a
> STARTTLS without first doing a HELO??? Is that configurable?


No. Exim has to do the EHLO to get the ESMTP capabilities returned in
response, whereupon it sees STARTTLS advertised. You can submit an
email with debugging enabled and trace the SMTP. See the "-d" option to
Exim; SMTP commands are included in the default output.

So the problem here is that your SSL library is failing when it tries to
set up SSL to the remote side, with no apparent logging of why. My gut
instinct reaction is to suspect that you're compiling Exim against
differently versioned headers of OpenSSL than the library you're
getting. Which version of "libssl-dev" is installed and which version
does "ldd" report that Exim is linked against?

Regards,
-Phil
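
The cleartext fallback visible in the quoted log can be detected by scanning the Exim main log for the two TLS messages shown above. This is an added example, not part of the original message or of Exim itself; the function names are hypothetical, the sample is the quoted log entries unwrapped to one line each, and the line format is assumed to match those entries:

```python
import re
from collections import Counter

# Constructed sample: the mainlog entries quoted in the message, one per line.
SAMPLE_LOG = """\
2007-11-07 23:05:02 1IplWg-0002Qp-Uo <= mark@satellite U=mark P=local S=370
2007-11-07 23:06:44 1IplWg-0002Qp-Uo TLS error on connection to gmail-smtp.l.google.com [64.233.179.109] (SSL_connect): error:00000000:lib(0):func(0):reason(0)
2007-11-07 23:06:44 1IplWg-0002Qp-Uo TLS session failure: delivering unencrypted to gmail-smtp.l.google.com [64.233.179.109] (not in hosts_require_tls)
"""

# Timestamp, message id, one of the two TLS messages, then "host [ip]".
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<msgid>\S+) "
    r"(?P<event>TLS error on connection to"
    r"|TLS session failure: delivering unencrypted to) "
    r"(?P<host>\S+) \[(?P<ip>[^\]]+)\]"
)


def find_tls_problems(log_text):
    """Return one dict per TLS error or cleartext-fallback line."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            rec = m.groupdict()
            # True when the message went out without TLS after the failure.
            rec["cleartext"] = rec.pop("event").startswith("TLS session failure")
            findings.append(rec)
    return findings


def cleartext_hosts(findings):
    """Count deliveries that fell back to cleartext, per remote host."""
    return Counter(f["host"] for f in findings if f["cleartext"])


if __name__ == "__main__":
    results = find_tls_problems(SAMPLE_LOG)
    for f in results:
        kind = "CLEARTEXT FALLBACK" if f["cleartext"] else "TLS error"
        print(f'{f["ts"]} {f["msgid"]} {kind}: {f["host"]} [{f["ip"]}]')
    for host, n in cleartext_hosts(results).items():
        print(f"candidate for hosts_require_tls: {host} ({n} cleartext)")
```

Hosts reported as cleartext fallbacks are the ones a `hosts_require_tls` pattern needs to cover if unencrypted delivery to them is not acceptable.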