Re: [exim] TLS session is required, but an attempt to start…

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] TLS session is required, but an attempt to start TLS failed
Patrick Porteous via Exim-users <exim-users@???> (Di 18 Okt 2022 14:58:49 CEST):
> I've recently started receiving the following message in my log files when
> sending to one host:
>
> 2022-10-18 07:12:45 H=example.com [###.###.###.199]: a TLS session is
> required, but an attempt to start TLS failed


>
> The error is causing email addressed to this host to hang in my queue and
> then fail to be delivered after the time out period.  My exim.config is
> setup with the following options enabled:
>
> tls_advertise_hosts = *
> tls_certificate = /usr/local/ssl/apache-selfsigned.crt
> tls_privatekey = /usr/local/ssl/apache-selfsigned.key


This is for your Exim acting as a server, but I understand, that you're
sending *to another* host, so it irrelevant here.

> verify error:num=18:self signed certificate

… this can be an issue, depending on the TLS settings of your remote
transport.

Find the transport

exim -bt <recipient>

and review the transport configuration (or share it with us).
Normally Exim should fallback to clear text communication if TLS isn't
possible, so I suspect you having some TLS related transport settings.

--
Heiko