Re: [exim] configuring exim4 smtp to use SSL

Góra strony
Delete this message
Reply to this message
Autor: Gary Dale
Data:  
Dla: exim-users
Temat: Re: [exim] configuring exim4 smtp to use SSL
On 22/03/15 02:06 PM, Ferenc Wagner wrote:
> Gary Dale <garydale@???> writes:
>
>> /home/garydale# exim -v -M 1YY9QG-0006Yj-AV
>> delivering 1YY9QG-0006Yj-AV
>> R: smarthost for gary@???
>> T: remote_smtp_smarthost for gary@???
>> Transport port=25 replaced by host-specific port=465
>> Connecting to sunspot.dnchosting.com [199.7.109.2]:465 ... connected
>> LOG: MAIN
>>    Remote host sunspot.dnchosting.com [199.7.109.2] closed connection
>> in response to initial connection
>> LOG: MAIN
>>    == gary@??? R=smarthost T=remote_smtp_smarthost defer
>> (-18): Remote host sunspot.dnchosting.com [199.7.109.2] closed
>> connection in response to initial connection

>>
>> The autoconfigure file contains the line tls_on_connect_ports = 465 and
> This changes the listen port behaviour (Exim as a server), not the
> client behaviour.
>
>> .ifndef DCsmarthost
>> DCsmarthost=web002.dnchosting.com::465
>> .endif
> If protocol = smtps is set in the remote_smtp_smarthost transport, the
> port number needn't be specified. The above log suggests that it isn't,
> please check it again. You could also tcpdump the traffic to make sure
> it's doing TLS on connect.
>
> Please show us the section starting by "remote_smtp_smarthost:" in the
> file named by exim4 -bP configure_file.

/var/lib/exim4/config.autogenerated

remote_smtp_smarthost:
   debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
   driver = smtp
   hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
         {\
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
         }\
         {} \
       }
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
   hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
   headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
   return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
   helo_data=REMOTE_SMTP_HELO_DATA
.endif
.ifdef TLS_DH_MIN_BITS
tls_dh_min_bits = TLS_DH_MIN_BITS
.endif



>
>> exim -bP transports seems to hang. It's been several minutes and it's
>> not completed.
> That's unexpected. Try strace to find out what it's waiting for.


It actually never completed. I killed it the next day. However today it
seems to be completing. Here's the output:


address_file transport:
no_body_only
current_directory =
debug_print = T: address_file for $local_part@$domain
delivery_date_add
no_disable_logging
driver = appendfile
envelope_to_add
group =
headers_add =
no_headers_only
headers_remove =
headers_rewrite =
home_directory =
no_initgroups
message_size_limit =
no_rcpt_include_affixes
retry_use_local_part
return_path =
return_path_add
shadow_condition =
shadow_transport =
transport_filter =
transport_filter_timeout = 5m
user =
*expand_maildir_use_size_file =
no_allow_fifo
no_allow_symlink
batch_id =
batch_max = 1
no_check_group
check_owner
check_string = From
create_directory
create_file = anywhere
directory =
directory_file = q${base62:$tod_epoch}-$inode
directory_mode = 0700
escape_string = >From
file =
file_format =
no_file_must_exist
lock_fcntl_timeout = 0s
lock_flock_timeout = 0s
lock_interval = 3s
lock_retries = 10
lockfile_mode = 0600
lockfile_timeout = 30m
mailbox_filecount =
mailbox_size =
no_maildir_format
maildir_quota_directory_regex = ^(?:cur|new|\..*)$
maildir_retries = 10
maildir_tag =
no_maildir_use_size_file
maildirfolder_create_regex =
no_mailstore_format
mailstore_prefix =
mailstore_suffix =
message_prefix = From ${if def:return_path{$return_path}{MAILER-DAEMON}}
${tod_bsdinbox}\n
message_suffix = \n
mode = 0600
mode_fail_narrower
no_notify_comsat
quota =
quota_directory =
quota_filecount =
quota_is_inclusive
quota_size_regex =
quota_warn_message =
quota_warn_threshold =
no_use_bsmtp
no_use_crlf
use_fcntl_lock
no_use_flock_lock
use_lockfile

address_pipe transport:
no_body_only
current_directory =
debug_print = T: address_pipe for $local_part@$domain
no_delivery_date_add
no_disable_logging
driver = pipe
no_envelope_to_add
group =
headers_add =
no_headers_only
headers_remove =
headers_rewrite =
home_directory =
no_initgroups
message_size_limit =
no_rcpt_include_affixes
retry_use_local_part
return_path =
no_return_path_add
shadow_condition =
shadow_transport =
transport_filter =
transport_filter_timeout = 5m
user =
allow_commands =
batch_id =
batch_max = 1
check_string =
command =
environment =
escape_string =
no_freeze_exec_fail
no_freeze_signal
no_ignore_status
no_log_defer_output
no_log_fail_output
no_log_output
max_output = 20K
message_prefix = From ${if def:return_path{$return_path}{MAILER-DAEMON}}
${tod_bsdinbox}\n
message_suffix = \n
path = /bin:/usr/bin
no_permit_coredump
no_pipe_as_creator
no_restrict_to_path
return_fail_output
no_return_output
temp_errors = 75:73
timeout = 1h
no_timeout_defer
umask = 022
no_use_bsmtp
no_use_crlf
no_use_shell

address_reply transport:
no_body_only
current_directory =
debug_print = T: autoreply for $local_part@$domain
no_delivery_date_add
no_disable_logging
driver = autoreply
no_envelope_to_add
group =
headers_add =
no_headers_only
headers_remove =
headers_rewrite =
home_directory =
no_initgroups
message_size_limit =
no_rcpt_include_affixes
retry_use_local_part
return_path =
no_return_path_add
shadow_condition =
shadow_transport =
transport_filter =
transport_filter_timeout = 5m
user =
bcc =
cc =
file =
no_file_expand
no_file_optional
from =
headers =
log =
mode = 0600
never_mail =
once =
once_file_size = 0
once_repeat =
reply_to =
no_return_message
subject =
text =
to =

mail_spool transport:
no_body_only
current_directory =
debug_print = T: appendfile for $local_part@$domain
delivery_date_add
no_disable_logging
driver = appendfile
envelope_to_add
group = mail
headers_add =
no_headers_only
headers_remove =
headers_rewrite =
home_directory =
no_initgroups
message_size_limit =
no_rcpt_include_affixes
retry_use_local_part
return_path =
return_path_add
shadow_condition =
shadow_transport =
transport_filter =
transport_filter_timeout = 5m
user =
*expand_maildir_use_size_file =
no_allow_fifo
no_allow_symlink
batch_id =
batch_max = 1
no_check_group
check_owner
check_string = From
create_directory
create_file = anywhere
directory =
directory_file = q${base62:$tod_epoch}-$inode
directory_mode = 0700
escape_string = >From
file = /var/mail/$local_part
file_format =
no_file_must_exist
lock_fcntl_timeout = 0s
lock_flock_timeout = 0s
lock_interval = 3s
lock_retries = 10
lockfile_mode = 0600
lockfile_timeout = 30m
mailbox_filecount =
mailbox_size =
no_maildir_format
maildir_quota_directory_regex = ^(?:cur|new|\..*)$
maildir_retries = 10
maildir_tag =
no_maildir_use_size_file
maildirfolder_create_regex =
no_mailstore_format
mailstore_prefix =
mailstore_suffix =
message_prefix = From ${if def:return_path{$return_path}{MAILER-DAEMON}}
${tod_bsdinbox}\n
message_suffix = \n
mode = 0660
no_mode_fail_narrower
no_notify_comsat
quota =
quota_directory =
quota_filecount =
quota_is_inclusive
quota_size_regex =
quota_warn_message =
quota_warn_threshold =
no_use_bsmtp
no_use_crlf
use_fcntl_lock
no_use_flock_lock
use_lockfile

maildir_home transport:
no_body_only
current_directory =
debug_print = T: maildir_home for $local_part@$domain
delivery_date_add
no_disable_logging
driver = appendfile
envelope_to_add
group =
headers_add =
no_headers_only
headers_remove =
headers_rewrite =
home_directory =
no_initgroups
message_size_limit =
no_rcpt_include_affixes
retry_use_local_part
return_path =
return_path_add
shadow_condition =
shadow_transport =
transport_filter =
transport_filter_timeout = 5m
user =
*expand_maildir_use_size_file =
no_allow_fifo
no_allow_symlink
batch_id =
batch_max = 1
no_check_group
check_owner
check_string =
create_directory
create_file = anywhere
directory = $home/Maildir
directory_file = q${base62:$tod_epoch}-$inode
directory_mode = 0700
escape_string =
file =
file_format =
no_file_must_exist
lock_fcntl_timeout = 0s
lock_flock_timeout = 0s
lock_interval = 3s
lock_retries = 10
lockfile_mode = 0600
lockfile_timeout = 30m
mailbox_filecount =
mailbox_size =
maildir_format
maildir_quota_directory_regex = ^(?:cur|new|\..*)$
maildir_retries = 10
maildir_tag =
no_maildir_use_size_file
maildirfolder_create_regex =
no_mailstore_format
mailstore_prefix =
mailstore_suffix =
message_prefix =
message_suffix =
mode = 0600
no_mode_fail_narrower
no_notify_comsat
quota =
quota_directory =
quota_filecount =
quota_is_inclusive
quota_size_regex =
quota_warn_message =
quota_warn_threshold =
no_use_bsmtp
no_use_crlf
use_fcntl_lock
no_use_flock_lock
use_lockfile

maildrop_pipe transport:
no_body_only
current_directory =
debug_print = T: maildrop_pipe for $local_part@$domain
delivery_date_add
no_disable_logging
driver = pipe
envelope_to_add
group =
headers_add =
no_headers_only
headers_remove =
headers_rewrite =
home_directory =
no_initgroups
message_size_limit =
no_rcpt_include_affixes
retry_use_local_part
return_path =
return_path_add
shadow_condition =
shadow_transport =
transport_filter =
transport_filter_timeout = 5m
user =
allow_commands =
batch_id =
batch_max = 1
check_string =
command = /usr/bin/maildrop
environment =
escape_string =
no_freeze_exec_fail
no_freeze_signal
no_ignore_status
no_log_defer_output
no_log_fail_output
no_log_output
max_output = 20K
message_prefix = From ${if def:return_path{$return_path}{MAILER-DAEMON}}
${tod_bsdinbox}\n
message_suffix = \n
path = /bin:/usr/bin:/usr/local/bin
no_permit_coredump
no_pipe_as_creator
no_restrict_to_path
no_return_fail_output
no_return_output
temp_errors = 75:73
timeout = 1h
no_timeout_defer
umask = 022
no_use_bsmtp
no_use_crlf
no_use_shell

procmail_pipe transport:
no_body_only
current_directory =
debug_print = T: procmail_pipe for $local_part@$domain
delivery_date_add
no_disable_logging
driver = pipe
envelope_to_add
group =
headers_add =
no_headers_only
headers_remove =
headers_rewrite =
home_directory =
no_initgroups
message_size_limit =
no_rcpt_include_affixes
retry_use_local_part
return_path =
return_path_add
shadow_condition =
shadow_transport =
transport_filter =
transport_filter_timeout = 5m
user =
allow_commands =
batch_id =
batch_max = 1
check_string =
command = /usr/bin/procmail
environment =
escape_string =
no_freeze_exec_fail
no_freeze_signal
no_ignore_status
no_log_defer_output
no_log_fail_output
no_log_output
max_output = 20K
message_prefix = From ${if def:return_path{$return_path}{MAILER-DAEMON}}
${tod_bsdinbox}\n
message_suffix = \n
path = /bin:/usr/bin:/usr/local/bin
no_permit_coredump
no_pipe_as_creator
no_restrict_to_path
no_return_fail_output
no_return_output
temp_errors = 75:73
timeout = 1h
no_timeout_defer
umask = 022
no_use_bsmtp
no_use_crlf
no_use_shell

remote_smtp transport:
no_body_only
current_directory =
debug_print = T: remote_smtp for $local_part@$domain
no_delivery_date_add
no_disable_logging
driver = smtp
no_envelope_to_add
group =
headers_add =
no_headers_only
headers_remove =
headers_rewrite =
home_directory =
no_initgroups
message_size_limit =
no_rcpt_include_affixes
no_retry_use_local_part
return_path =
no_return_path_add
shadow_condition =
shadow_transport =
transport_filter =
transport_filter_timeout = 5m
user =
address_retry_include_sender
no_allow_localhost
authenticated_sender =
no_authenticated_sender_force
command_timeout = 5m
connect_timeout = 5m
connection_max_messages = 500
data_timeout = 5m
delay_after_cutoff
dkim_canon =
dkim_domain =
dkim_private_key =
dkim_selector =
dkim_sign_headers =
dkim_strict =
dns_qualify_single
no_dns_search_parents
fallback_hosts =
final_timeout = 10m
no_gethostbyname
gnutls_require_kx =
gnutls_require_mac =
gnutls_require_protocols =
helo_data = $primary_hostname
hosts =
hosts_avoid_esmtp =
hosts_avoid_pipelining =
hosts_avoid_tls =
hosts_max_try = 5
hosts_max_try_hardlimit = 50
hosts_nopass_tls =
no_hosts_override
no_hosts_randomize
hosts_require_auth =
hosts_require_tls =
hosts_try_auth =
interface =
keepalive
no_lmtp_ignore_quota
max_rcpt = 100
multi_domain
port = smtp
protocol = smtp
retry_include_ip_address
serialize_hosts =
size_addition = 1024
tls_certificate =
tls_crl =
tls_dh_min_bits = 1024
tls_privatekey =
tls_require_ciphers =
tls_sni =
tls_tempfail_tryclear
tls_verify_certificates =

remote_smtp_smarthost transport:
no_body_only
current_directory =
debug_print = T: remote_smtp_smarthost for $local_part@$domain
no_delivery_date_add
no_disable_logging
driver = smtp
no_envelope_to_add
group =
headers_add =
no_headers_only
headers_remove =
headers_rewrite =
home_directory =
no_initgroups
message_size_limit =
no_rcpt_include_affixes
no_retry_use_local_part
return_path =
no_return_path_add
shadow_condition =
shadow_transport =
transport_filter =
transport_filter_timeout = 5m
user =
address_retry_include_sender
no_allow_localhost
authenticated_sender =
no_authenticated_sender_force
command_timeout = 5m
connect_timeout = 5m
connection_max_messages = 500
data_timeout = 5m
delay_after_cutoff
dkim_canon =
dkim_domain =
dkim_private_key =
dkim_selector =
dkim_sign_headers =
dkim_strict =
dns_qualify_single
no_dns_search_parents
fallback_hosts =
final_timeout = 10m
no_gethostbyname
gnutls_require_kx =
gnutls_require_mac =
gnutls_require_protocols =
helo_data = $primary_hostname
hosts =
hosts_avoid_esmtp =
hosts_avoid_pipelining =
hosts_avoid_tls =
hosts_max_try = 5
hosts_max_try_hardlimit = 50
hosts_nopass_tls =
no_hosts_override
no_hosts_randomize
hosts_require_auth =
hosts_require_tls =
hosts_try_auth = <; ${if exists{/etc/exim4/passwd.client}
{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$host_address}}}{} }
interface =
keepalive
no_lmtp_ignore_quota
max_rcpt = 100
multi_domain
port = smtp
protocol = smtp
retry_include_ip_address
serialize_hosts =
size_addition = 1024
tls_certificate =
tls_crl =
tls_dh_min_bits = 1024
tls_privatekey =
tls_require_ciphers =
tls_sni =
tls_tempfail_tryclear
tls_verify_certificates =

address_directory transport:
no_body_only
current_directory =
debug_print = T: address_directory for $local_part@$domain
delivery_date_add
no_disable_logging
driver = appendfile
envelope_to_add
group =
headers_add =
no_headers_only
headers_remove =
headers_rewrite =
home_directory =
no_initgroups
message_size_limit =
no_rcpt_include_affixes
retry_use_local_part
return_path =
return_path_add
shadow_condition =
shadow_transport =
transport_filter =
transport_filter_timeout = 5m
user =
*expand_maildir_use_size_file =
no_allow_fifo
no_allow_symlink
batch_id =
batch_max = 1
no_check_group
check_owner
check_string =
create_directory
create_file = anywhere
directory =
directory_file = q${base62:$tod_epoch}-$inode
directory_mode = 0700
escape_string =
file =
file_format =
no_file_must_exist
lock_fcntl_timeout = 0s
lock_flock_timeout = 0s
lock_interval = 3s
lock_retries = 10
lockfile_mode = 0600
lockfile_timeout = 30m
mailbox_filecount =
mailbox_size =
maildir_format
maildir_quota_directory_regex = ^(?:cur|new|\..*)$
maildir_retries = 10
maildir_tag =
no_maildir_use_size_file
maildirfolder_create_regex =
no_mailstore_format
mailstore_prefix =
mailstore_suffix =
message_prefix =
message_suffix =
mode = 0600
mode_fail_narrower
no_notify_comsat
quota =
quota_directory =
quota_filecount =
quota_is_inclusive
quota_size_regex =
quota_warn_message =
quota_warn_threshold =
no_use_bsmtp
no_use_crlf
use_fcntl_lock
no_use_flock_lock
use_lockfile