On 2019-01-06 6:44 p.m., Gary Dale via Exim-users wrote:
> On 2019-01-06 2:51 p.m., Jeremy Harris wrote:
>> On 06/01/2019 19:34, Gary Dale via Exim-users wrote:
>>> You've missed the point. My e-mail smarthost uses 587 for unencrypted
>>> connections but 465 for encrypted. Using Thunderbird with ssl/tls on
>>> port 465 works. It's the Exim4 (encrypted) configuration I need help
>>> with.
>> Oh, right. You're using Exim as a client here. So it's the transport
>> configuration that matters:
>>
>> http://exim.org/exim-html-current/doc/html/spec_html/ch-the_smtp_transport.html#SECID146
>>
>>
>> For the relevant transport in your config you'll need to
>> set the "protocol" option to "smtps" to get TLS-on-connect.
>> Quite where that is in your Debian-derived config I can't tell you.
>> I'd not be at all surprised if the Debian configurator front-end
>> knows about the possibility.
>
> Yes. I forgot to mention that I've done that too. I added it to
> exim4.conf.template then re-ran the configure and restarted the
> service. Still no joy.
>
>
> Got a connection to the remote host using:
>
> openssl s_client -connect smtp -crlf -connect <sub>.r4l.com:465
>
> From there I was able to login and send an e-mail (once I'd figured
> out that I needed to follow the helo with an ehlo). The connection
> showed the remote server's certificate information so I think it was
> encrypted.
>
> This brings me back to the exim4 configuration. I tried putting
>
> REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = *
>
> in the exim4.conf.localmacros file so that the section
>
> .ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
> hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
> protocol = smtps
> .endif
>
> would be triggered in exim4.conf.template but when I look in
> /var/lib/exim4/config.autogenerated, the section is simply copied
> (with the enclosing .ifdef...endif) making me wonder if it is being
> run. However the line from .localmacros is copied at the top, so it
> should be. I guess the file is interpreted rather than simply being
> loaded by the exim4 service.
>
> At any rate, I think I've got everything right but I can't get it to
> actually send mail...
>
> Any idea?
>
>
OK. I have no idea what happened but it's working now. I was watching
TV for a while and when I came back to my computer, the test messages
that had been stuck in my mailq were delivered.

To document what my setup is:

- exim4.conf.template I added this line after .ifdef MAIN_TLS_ENABLE
    tls_on_connect_ports = 465
- after the line hosts_require_tls =
  REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS, I added
    protocol = smtps
- exim4.conf.localmacros contains:
    REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = *
    AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS = 1
    MAIN_TLS_ENABLE = 1
- my update-exim4.conf.conf has the line:
    dc_smarthost='<sub>.r4l.com::465'
  where <sub> is replaced by the actual subdomain/server that r4l.com assigned.

I hope this helps someone in the future.
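
Added example, not part of the original thread and not Exim's or Debian's own code: Exim evaluates .ifdef/.endif when it reads its configuration, which is why the block appears verbatim in config.autogenerated. The simplified evaluator below lists the lines that are live for a given set of macros. The sample config is constructed from the fragments quoted above, and the transport name and surrounding lines are assumptions.

```python
import re

# Constructed sample modelled on the fragments quoted in this thread; the
# transport name and the begin/driver lines are assumptions.
SAMPLE = """\
REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = *
MAIN_TLS_ENABLE = 1
.ifdef MAIN_TLS_ENABLE
tls_on_connect_ports = 465
.endif
begin transports
remote_smtp_smarthost:
  driver = smtp
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
  hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
  protocol = smtps
.endif
"""

# A line starting with an upper-case name followed by "=" defines a macro.
MACRO_DEF = re.compile(r"^([A-Z][A-Za-z0-9_]*)\s*=\s*(.*)$")

def active_lines(config_text, predefined=None):
    """Return the lines left after .ifdef/.ifndef/.else/.endif and macro expansion."""
    macros = dict(predefined or {})
    stack = []   # one bool per open conditional: is that branch live?
    out = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        live = all(stack)   # live only if every enclosing branch is live
        if line.startswith((".ifdef", ".ifndef")):
            directive, name = line.split(None, 1)
            defined = name.strip() in macros
            stack.append(defined if directive == ".ifdef" else not defined)
        elif line == ".else":
            stack[-1] = not stack[-1]
        elif line == ".endif":
            stack.pop()
        elif live:
            m = MACRO_DEF.match(line)
            if m:
                macros[m.group(1)] = m.group(2)
                continue
            for name in sorted(macros, key=len, reverse=True):
                line = line.replace(name, macros[name])   # expand macro names
            out.append(line)
    if stack:
        raise ValueError("unterminated conditional")
    return out
```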