Andrew, thanks for replying.
From: Andrew C Aitchison <exim@???>
Date: Thu, 6 Apr 2023 22:53:30 +0100 (BST)
> Ah. I have finally got my head around what you are attempting to do.
If not told otherwise, I'd have thought the stated objective is
trivial. Relay a message. TLS not required within localhost. TLS
required between localhost and smarthost. What could be simpler?
Dropping TLS is bad practice in contemporary conditions.
> If you need exim to send mail to port 465 on the "smarthost" you
> cannot just tell it to send the mail ... that would go to port 25 ...
$ grep 465 /etc/exim4/update-exim4.conf.conf
dc_smarthost='mail.easthope.ca::465'
25 # 465
> (and use starttls).
Opportunistic TLS (or STARTTLS) versus Implicit TLS (or TLS-on-connect)
has a history of confusion. =8~/
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#cite_ref-tcp465_86-0
Even the use of multiple synonymous terms confuses novices.
Opportunistic TLS provides vulnerability.
https://en.wikipedia.org/wiki/Opportunistic_TLS#Weaknesses_and_mitigations
Phasing out of vulnerability and facilitation of security are good
practices. =8~)
It appears the log I have now is complete; the last line has "terminating
with rc=0". Rather than clutter the mailing list with mostly
insignificant data, I put it here.
http://easthope.ca/eximdebug.txt
If wanted in the mailing list, let me know.
> You need exim to pretend to be an MUA/MSA.
? A good MUA/MSA is here already. It works when exim communicates to
smarthost port 587, STARTTLS. My objective is an MTA described in
the first lines above.
> ... I'm sending this now, while I reread the spec and consider how it
> might be done, ...
Thanks.
> ... my first thought is that you need a transport especially for
> this host ...
With very limited knowledge, creation of a transport is a formidable
challenge. =8~/
> ... with options to force the connection to port 465 and
> tls-on-connect.
Yes for exim to smarthost. MUA/MSA to exim is unencrypted, port 25.
Thanks, ... P.
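
The dedicated transport discussed in this message, as an added Exim configuration sketch that is not from the thread or from Debian's packaged configuration: a router and an smtp transport that reach the smarthost on port 465 with TLS-on-connect and refuse to deliver without TLS. The router and transport names, the `local_domains` list and the certificate-verification line are assumptions; only the host name and port come from the message.

```exim
# --- routers section -------------------------------------------------
# Hypothetical router name. Sends every non-local address to the
# smarthost via the dedicated transport below.
# Assumes a domainlist called local_domains is defined in the main section.
smarthost_implicit_tls:
  driver = manualroute
  domains = ! +local_domains
  transport = remote_smtps_smarthost
  route_list = * mail.easthope.ca
  no_more

# --- transports section ----------------------------------------------
# Hypothetical transport name.
remote_smtps_smarthost:
  driver = smtp

  # Setting the port alone is not enough: with the default protocol
  # (smtp) Exim waits for a cleartext banner and then tries STARTTLS,
  # while a 465 listener expects a TLS handshake first.
  port = 465

  # TLS-on-connect (implicit TLS): handshake before any SMTP dialogue.
  protocol = smtps

  # Never fall back to an unencrypted session for any host reached
  # through this transport.
  hosts_require_tls = *

  # Assumption: the smarthost's certificate chains to the system trust
  # store. Fail the delivery attempt if verification fails.
  tls_verify_hosts = *
```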