Re: [exim] bounce message with hosts_require_tls

Author: Brent Jones
Date:  
To: Daniel Jost
CC: exim-users
Subject: Re: [exim] bounce message with hosts_require_tls
I had a set of custom patches to Exim to do something like this for a
product. I no longer have or maintain them, but it wasn't -too- difficult
to whack up the hosts_require_tls error handling to generate a custom DSN.
I'll see if I can dig back through memory lane with something more helpful,
but it was never quality enough to want to push upstream back into Exim ;)

On Thu, Jan 11, 2018 at 4:38 PM, Daniel Jost <info@???> wrote:

> Hi!
>
> I created a route and a transport in my exim configuration to allow
> certain sender domains to enforce encrypted transfer (mandatory tls). The
> idea is that if an authenticated user sends an email, the server looks up
> if the domain has mandatory tls enabled and routes the message through the
> transport that only succeeds if the remote mail server supports tls.
>
> That was the easy part. :-) Another part of the idea is that the sender
> receives a bouncer if the remote server doesn't support tls. Unfortunately exim
> seems to handle a failed hosts_require_tls condition as a temporary error,
> puts the mail to the queue and tries again and again to deliver the mail.
> If the retry timeout is exceeded, the error message in the bouncer mail is:
>
> "retry timeout exceeded"
>
> instead of something like
>
> "remote server doesn't support tls delivery"
>
> Any idea how to change that behavior so that the sender gets a bouncer
> with a meaningful return message?
>
> My config parts are:
>
> # router/150_exim4-config_mandantorytls_route
> #############################################
> # route for mandatory tls
> mandantorytls_route:
> debug_print = "R: mandantorytls_route for $domain"
> driver = dnslookup
> domains = +mandantorytls_domains
> transport = remote_smtp_mandantorytls
>
> ### transport/30_exim4-config_remote_smtp_mandantorytls
> #######################################################
> # enforce tls
> remote_smtp_mandantorytls:
> debug_print = "T: remote_smtp_mandantorytls for $local_part@$domain"
> driver = smtp
> hosts_require_tls = *
> tls_tempfail_tryclear = false
>
> Thanks a lot!
>
> Daniel
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>