Re: [exim] Configuring exim to use an non-TLS connection to …

Author: Graeme Fowler
Date:  
To: exim-users
Subject: Re: [exim] Configuring exim to use an non-TLS connection to port 587.
On 11 Apr 2023, at 17:43, Peter via Exim-users <exim-users@???> wrote:
> In absence of progress to have exim apply TLS-on-connect to server port
> 465 I'm trying non-TLS to port 587 as a simpler first objective. =8~/


Your error has nothing to do with TLS at all:

20:33:41 1656 LOG: MAIN PANIC
20:33:41 1656 failed to expand "<; ${if exists{/etc/exim4/passwd.client} {${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$host_address}}}{} }" while checking a list: failed to open /etc/exim4/passwd.client for linear search: Permission denied (euid=106 egid=113)

The reason your Exim (as a client) is speaking over STARTTLS is because the transport is configured by default to do precisely that.

From https://www.exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html (sec 10):

"If Exim is built with TLS support, and TLS is advertised by a server, the smtp transport always tries to start a TLS session. However, this can be prevented by setting hosts_avoid_tls (an option of the transport) to a list of server hosts for which TLS should not be used."

But in any case, your problem is on your filesystem rather than on-the-wire.

Graeme

PS patches welcome for wishlist items :)
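
Added example (not part of the message above and not Exim project code): a small Python diagnostic for the filesystem problem the reply points to. It parses the euid/egid and path out of the panic line, then reports which path component denies that identity search or read access. The function names are illustrative; it assumes classic Unix mode bits only (no ACLs or MAC policy), uses only the egid shown in the log, and should be run as a user able to stat the path.

```python
import os
import re

# Constructed sample: the tail of the panic line quoted in the message above.
SAMPLE = ("failed to open /etc/exim4/passwd.client for linear search: "
          "Permission denied (euid=106 egid=113)")

DENIED = re.compile(r"failed to open (?P<path>\S+) for [^:]*: "
                    r"Permission denied \(euid=(?P<euid>\d+) egid=(?P<egid>\d+)\)")

def parse_panic(line):
    """Return (path, euid, egid) from a 'Permission denied' panic line, else None."""
    m = DENIED.search(line)
    return (m["path"], int(m["euid"]), int(m["egid"])) if m else None

def allowed(st, uid, gid, want):
    """Unix mode-bit check; want is 4 (read) or 1 (search). Ignores ACLs and MAC."""
    if uid == 0:
        return True
    if st.st_uid == uid:                 # owner class applies exclusively if it matches
        return bool((st.st_mode >> 6) & want)
    if st.st_gid == gid:                 # then the group class
        return bool((st.st_mode >> 3) & want)
    return bool(st.st_mode & want)       # otherwise "other"

def blockers(path, uid, gid):
    """List (component, 'search'|'read') entries that deny uid/gid access to path."""
    path = os.path.abspath(path)
    parents, cur = [], os.path.dirname(path)
    while True:
        parents.append(cur)
        if cur == os.path.dirname(cur):  # reached the filesystem root
            break
        cur = os.path.dirname(cur)
    found = [(d, "search") for d in reversed(parents)
             if not allowed(os.stat(d), uid, gid, 1)]
    if not allowed(os.stat(path), uid, gid, 4):
        found.append((path, "read"))
    return found

if __name__ == "__main__":
    path, euid, egid = parse_panic(SAMPLE)
    if os.path.exists(path):
        for component, need in blockers(path, euid, egid):
            st = os.stat(component)
            print(f"{component}: no {need} access for uid={euid} gid={egid} "
                  f"(owner {st.st_uid}:{st.st_gid}, mode {st.st_mode & 0o7777:o})")
    else:
        print(f"{path} not present on this host")
```

An empty result from blockers() means the mode bits permit the read, so the denial would have to come from something this check does not model.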