Re: [exim] Configuring for non-encrypted MUA to localhost. …

Top Page
Delete this message
Reply to this message
Author: peter
Date:  
To: exim-users
Subject: Re: [exim] Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.
From:    Jeremy Harris via Exim-users <exim-users@???>
Date:    Sat, 1 Apr 2023 17:15:25 +0100

> Exim has a debug mode.
> ...
> You will see the processing that exim does, and should be able to
> infer at what point it diverges from your needs.


Thanks. I should have tried debug before asking.

Debug alerted me me to add lines in /etc/email-addresses.

Appears this debug run is incomplete but I don't recognize a clue.

root@dalton:~# tail -n 16 eximdebug.txt
19:40:02 9597 closed hints database and lockfile
19:40:02 9597 no host retry record
19:40:02 9597 no message retry record
19:40:02 9597 easthope.ca [158.69.159.172]:465 retry-status = usable
19:40:02 9597 158.69.159.172 in serialize_hosts? no (option unset)
19:40:02 9597 delivering 1pjt45-0002Uk-Jt to easthope.ca
[158.69.159.172] (peter@???)
19:40:02 9597 set_process_info: 9597 delivering 1pjt45-0002Uk-Jt to
easthope.ca [158.69.159.172]:465 (peter@???)
19:40:02 9597 158.69.159.172 in hosts_require_dane? no (option unset)
19:40:02 9597 Transport port=25 replaced by host-specific port=465
19:40:02 9597 158.69.159.172 in hosts_pipe_connect? no (option unset)
19:40:02 9597 Connecting to easthope.ca [158.69.159.172]:465 ...
158.69.159.172 in hosts_try_fastopen? yes (matched "*")
19:40:02 9597 TFO mode sendto, no data: EINPROGRESS
19:40:02 9597 connected
19:40:02 9597 ╭considering: $primary_hostname
19:40:02 9597 ├──expanding: $primary_hostname
19:40:02 9597 ╰─────result: dalton.invalid
root@dalton:~#

Ref.
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-security_considerations.html

"FIXED_NEVER_USERS can be set to a colon-separated list of users that
are never to be used for any deliveries. This is like the never_users
runtime option, but it cannot be overridden; the runtime option adds
additional users to the list. The default setting is “root”; this
prevents a non-root user who is permitted to modify the runtime file
from using Exim as a way to get root."

Meaning that root is not allowed to send email? If so, the "problem"
is simply me attempting something prohibited; but prohibiting the
administrator from sending email seems unrealistic. What is the
reality?

Thx,                 ... P.