Re: [exim] sending e-mail through a directnic server

Top Page

Reply to this message
Author: Gary Dale
CC: exim-users
New-Topics: Re: [exim] sending e-mail through a directnic server [RESOLVED]
Subject: Re: [exim] sending e-mail through a directnic server

On 2019-11-28 1:28 p.m., Adam D. Barratt wrote:
> On Thu, 2019-11-28 at 14:00 +0000, Andrew C Aitchison via Exim-users
> wrote:
>> On Thu, 28 Nov 2019, Gary Dale via Exim-users wrote:
> [...]
>>> It looks like the remote smarthost thinks I'm not using TLS.
>> No. TLS is about encryption. The 1iaJ5F-00053v-JS log says that the
>> remote smarthost thinks you are not *authenticating* (which should,
>> but may or may not be, encrytped).
> Given the configuration in the original mail, this is likely due to the
> fact that is a CNAME, and reverse DNS for the
> eventual target resolves to "".
> Debian's Exim packaging describes the use of the passwd.client file in
> exim4-config-files(5), which in part says (with apologies for the
> longish quote):
> <quote>
> Please note that target.mail.server.example is currently the value
> that exim can read from reverse DNS: It first follows the host name of
> the target system until it finds an IP address, and then looks up the
> reverse DNS for that IP address to use the outcome of this query (or
> the IP address itself should the query fail) as index into
> /etc/exim4/passwd.client.
> This goes inevitably wrong if the host name of the mail server is a
> CNAME (a DNS alias), or the reverse lookup does not fit the forward
> one.
> Currently, you need to manually lookup all reverse DNS names for all IP
> addresses that your SMTP server host name points to, for example by
> using the host command.
> You may minimize this trouble by using a wild card entry or
> regular expressions, thus reducing the risk of divulging the password
> to the wrong SMTP server while reducing the number of necessary
> lines. For a deeper discussion, see the Debian BTS #244724.
> </quote>
> Thus, the hostname in passwd.client wants to be,
> not (Or potentially a regex or wildcard if the
> "152" is expected to change.)
> Regards
> Adam

I'm aware of that issue and therefore have my passwd.client file provide
credentials for both * and *