On 2007-11-11 at 00:58 +0900, Mark Fletcher wrote:
> >
> > hosts_require_tls = *.google.com
>
> Yeah, the log file said something about that -- unfortunately I couldn't
> find in the readme where that hosts_require_tls should be set and a
> Fletcher classic find / grep combination of the exim-relevant
> directories I know about failed to turn up which file this setting needs
> to be in. Could you enlighten me?

Judging by the Debian system I just logged into:
  /usr/share/doc/exim4/spec.txt.gz

Answer: on the smtp transport.

Eg:

  smarthost_smtp:
    driver = smtp
    port = 587
    hosts_require_tls = *
    hosts_require_auth = *

which is roughly what my smtp transport on the laptop boils down to for
Gmail, after all the string-expansions I have.

> Any other ideas?

  $ f=your@???
  $ t=recipient@???
  $ printf "From: $f\nTo: $t\nSubject: test\n\nfoo" | exim -d+all $t \
      2>&1 | tee exim.output.log

After a line containing:

  >>>>>>>>>>>>>>>> Remote deliveries >>>>>>>>>>>>>>>>

you should have full debug trace data, including SSL data; Exim
registers a trace callback with OpenSSL which will log all the OpenSSL
trace data to the "tls" selector (so -d+tls is sufficient to get it,
instead of -d+all).

Eg, I see this, modulo EHLO and IP address munging:

12:15:18 8394 SMTP>> EHLO XXX-something-else-here-XXX
12:15:18 8394 waiting for data on socket
12:15:18 8394 read response data: size=125
12:15:18 8394 SMTP<< 250-mx.google.com at your service, [192.0.2.1]
12:15:18 8394 250-SIZE 28311552
12:15:18 8394 250-8BITMIME
12:15:18 8394 250-STARTTLS
12:15:18 8394 250 ENHANCEDSTATUSCODES
12:15:18 8394 209.85.147.111 in hosts_avoid_tls? no (option unset)
12:15:18 8394 SMTP>> STARTTLS
12:15:18 8394 waiting for data on socket
12:15:18 8394 read response data: size=30
12:15:18 8394 SMTP<< 220 2.0.0 Ready to start TLS
12:15:18 8394 Initialized TLS
12:15:18 8394 Calling SSL_connect
12:15:18 8394 SSL info: before/connect initialization
12:15:18 8394 SSL info: before/connect initialization
12:15:18 8394 SSL info: SSLv2/v3 write client hello A
12:15:18 8394 SSL info: SSLv3 read server hello A
12:15:18 8394 SSL info: SSLv3 read server certificate A
12:15:18 8394 SSL info: SSLv3 read server done A
12:15:18 8394 SSL info: SSLv3 write client key exchange A
12:15:18 8394 SSL info: SSLv3 write change cipher spec A
12:15:18 8394 SSL info: SSLv3 write finished A
12:15:18 8394 SSL info: SSLv3 flush data
12:15:18 8394 SSL info: SSLv3 read finished A
12:15:18 8394 SSL info: SSL negotiation finished successfully
12:15:18 8394 SSL info: SSL negotiation finished successfully
12:15:18 8394 SSL_connect succeeded
12:15:18 8394 Cipher: TLSv1:DES-CBC3-SHA:168
12:15:18 8394 SMTP>> EHLO XXX-something-else-here-XXX
12:15:18 8394 tls_do_write(bfffc813, 34)
12:15:18 8394 SSL_write(SSL, bfffc813, 34)
12:15:18 8394 outbytes=34 error=0
12:15:18 8394 waiting for data on socket
12:15:18 8394 Calling SSL_read(608e40, bfffcc13, 4096)
12:15:18 8394 read response data: size=133
12:15:18 8394 SMTP<< 250-mx.google.com at your service, [192.0.2.1]
12:15:18 8394 250-SIZE 28311552
12:15:18 8394 250-8BITMIME
12:15:18 8394 250-AUTH LOGIN PLAIN
12:15:18 8394 250 ENHANCEDSTATUSCODES

Regards,
-Phil
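
Added example, not part of the original message and not Exim project code: a small Python check that reads a saved debug trace such as exim.output.log and reports whether STARTTLS was offered, whether the TLS handshake completed, which cipher was negotiated, and whether AUTH was advertised or sent before encryption. The function name, result keys and the abridged sample trace (with a placeholder EHLO name) are constructed for illustration; it assumes sent commands always carry the "SMTP>> " prefix, as EHLO and STARTTLS do in the trace above.

```python
import re

# Constructed sample, abridged from the trace format quoted in the message above.
SAMPLE = """\
12:15:18 8394 SMTP>> EHLO client.example
12:15:18 8394 SMTP<< 250-mx.google.com at your service, [192.0.2.1]
12:15:18 8394 250-SIZE 28311552
12:15:18 8394 250-STARTTLS
12:15:18 8394 250 ENHANCEDSTATUSCODES
12:15:18 8394 SMTP>> STARTTLS
12:15:18 8394 SMTP<< 220 2.0.0 Ready to start TLS
12:15:18 8394 SSL_connect succeeded
12:15:18 8394 Cipher: TLSv1:DES-CBC3-SHA:168
12:15:18 8394 SMTP>> EHLO client.example
12:15:18 8394 SMTP<< 250-mx.google.com at your service, [192.0.2.1]
12:15:18 8394 250-AUTH LOGIN PLAIN
12:15:18 8394 250 ENHANCEDSTATUSCODES
"""

# "HH:MM:SS pid rest-of-line", the prefix every trace line above carries.
LINE = re.compile(r"^\d\d:\d\d:\d\d\s+\d+\s+(.*)$")

def summarize_trace(text):
    """Walk an `exim -d+tls` trace and report what happened around STARTTLS."""
    r = {"starttls_offered": False, "tls_established": False, "cipher": None,
         "auth_before_tls": [], "auth_after_tls": [], "auth_sent_in_clear": False}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped debug line
        body = m.group(1)
        if body.startswith("SMTP<< "):
            body = body[len("SMTP<< "):]  # first line of a server response
        kw = re.match(r"250[- ](\S+)(.*)", body)  # one EHLO keyword per line
        if kw and kw.group(1) == "STARTTLS":
            r["starttls_offered"] = True
        elif kw and kw.group(1) == "AUTH":
            key = "auth_after_tls" if r["tls_established"] else "auth_before_tls"
            r[key] = kw.group(2).split()
        elif body == "SSL_connect succeeded":
            r["tls_established"] = True
        elif body.startswith("Cipher: "):
            r["cipher"] = body[len("Cipher: "):]
        elif body.startswith("SMTP>> AUTH") and not r["tls_established"]:
            r["auth_sent_in_clear"] = True  # credentials left before TLS was up
    return r
```

A non-empty auth_before_tls or a true auth_sent_in_clear means the transport is not enforcing hosts_require_tls for that host.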