Post by rapple » 2020-10-06 16:03

Trying to set up EXIM4 as mailer on RASPBX - Raspberry Pi, canned version of Debian 10/Buster with Asterisk and FREEPBX. Exim4 is 4.92.
According to RASPBX docs this should be zero config required beyond dpkg-reconfigure exim4-config to enter type of sent via smarthost rcvd via smtp... the server, port etc. then update-exim4.conf, then set up user on client file & restart exim.
BUT... Test mails are not sent.
Looking at the mainlog file, they are queued and retry is working. The single error message I am getting is "Remote host closed connection in response to initial connection"
The machine can ping the server. Reverse DNS is working. I can telnet to the SMTP server.
The User ID and password are correct. Triple checked.

I've spent a day looking through the config files, documentation and forums and as far as I can tell, the client stuff should just work with no configuration variables required to be set. Most of the TLS help and docs are all around using EXIM4 as a server for your own mail clients.

Unfortunately I've not found any log file that gives me any more information nor anywhere that suggests possible options for this message. Nor have I found anything that I can understand around setting log levels that might generate more granular error messages. I did try a couple of the test modes from the command line but they didn't generate anything useful.

I've talked to the ISP, there's nothing beyond dropping the connection in their log files. Their system requires TLS 1.2 and uses port 465. SMTP on the mail server advertises 250-STARTTLS.

So, can anyone advise how EXIM4 is supposed to work using TLS with a smarthost for send. (I don't actually care about how it might receive but if it helps...)
and/or offer any guidance on how I can work out more specifically what the issue is?

Does EXIM4 (via GNUTLS) actually support TLS 1.2 and does it use STARTTLS by default or something different?
or... is this actually nothing to do with TLS at all?

Re: EXIM4 as client only using Smarthost. Connection issue

Post by dilberts_left_nut » 2020-10-06 18:46

465 is usually for the old direct-ssl.
You probably should use 587 for STARTTLS.

Either your ISP is misleading you, or has a very weird setup.

Post by rapple » 2020-10-06 19:11

No, that information is correct, because that's what I also have to use for Thunderbird's SMTP setup when I'm using it.
I did wonder about that, but when I read the EXIM documentation today it tries to explain the confusion around 465 and 587 then goes on to say that it should be able to handle both. Indeed my understanding is that 465 is perfectly legit again based on what I've read over the last 72 hours and my other ISP also uses 465 and I had to switch some clients from 587 to 465 a year ago for them. Both are fairly big European providers.
However as I mentioned in the first post, most of the EXIM documentation related to TLS seems to be for the server side setup so it's perfectly possible that as a client EXIM4 doesn't do both!

That's really why I'm seeking wisdom.

Post by rapple » 2020-10-06 19:50

OK, so using yet another ISP that allows me to use 465 or 587, I tried configuring both, several times.
EXIM4 SMTP outbound fails with that ISP when I use dpkg-reconfigure exim4-config to set the port to 465, yet it succeeds when I set it to 587.
Unfortunately that doesn't help me as that's not the ISP to use for this project.

My limited understanding is that 587 goes with STARTTLS and that 465 goes with SSL or TLS.

This might suggest that EXIM4 outbound is permanently configured to use STARTTLS rather than the other or at least if it's modifiable I haven't found where to set that yet.

Any EXIM4 gurus out there?

Post by rapple » 2020-10-06 21:08

Finally found that the answer is in the Debian Wiki, albeit my searches never led me there. It's also about the only article that puts the emphasis on a single user connection to an ISP and explains it.
Got there in a roundabout way courtesy of a Ghost on Github that linked back to the Wiki.

Long story short, if your provider does use TLS on port 465 and does not provide STARTTLS on 587 as well, it has to be implicit TLS on 465 and this is not how EXIM4 is configured by default, even though (assuming I have read all correctly) this is now the way that we should all be submitting emails in preference to 587 and STARTTLS. The easiest to read current article that I found on that was here: https://www.fastmail.com/help/technical/ssltlsstarttls.html

To configure it correctly for this as of Oct 2020 you need to do as the wiki suggests: https://wiki.debian.org/Exim#TLS_and_authentication

On the plus side I now know a lot more about how to configure and operate EXIM.
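
Added example, not part of the thread or of Exim: a small Python probe that shows which TLS style a submission port expects, which is the distinction the thread ends on. It first behaves like a STARTTLS client (waits for a cleartext `220` greeting), and only if none arrives retries with the TLS handshake first; the function names and the `probe.example` EHLO name are made up for illustration.

```python
import socket
import ssl
import sys


def _read_reply(sock):
    """Read one SMTP reply; its final line has a space after the code ("250 ")."""
    data = b""
    while True:
        try:
            chunk = sock.recv(1024)
        except OSError:              # timeout or reset: return what we have
            break
        if not chunk:                # peer closed the connection
            break
        data += chunk
        if data.endswith(b"\r\n") and data.split(b"\r\n")[-2][3:4] == b" ":
            break
    return data


def probe_submission_port(host, port, timeout=5.0):
    """Hypothetical helper: classify how an SMTP submission port expects TLS."""
    # Step 1: connect in the clear and wait for the server to speak first,
    # as a STARTTLS-style client does. An implicit-TLS port stays silent
    # (or drops the connection) because it is waiting for a TLS ClientHello.
    with socket.create_connection((host, port), timeout=timeout) as s:
        if _read_reply(s).startswith(b"220"):
            s.sendall(b"EHLO probe.example\r\n")   # constructed client name
            reply = _read_reply(s).upper()
            return "starttls" if b"STARTTLS" in reply else "plaintext-only"
    # Step 2: no cleartext greeting, so retry with the TLS handshake first
    # (implicit TLS). Certificate and hostname are verified by the context.
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                if _read_reply(tls).startswith(b"220"):
                    return "implicit-tls:" + tls.version()
    except OSError:                  # includes ssl.SSLError
        pass
    return "no-smtp-greeting"


if __name__ == "__main__":
    # Usage: python3 probe.py <smarthost> <port>
    print(probe_submission_port(sys.argv[1], int(sys.argv[2])))
```

A result such as `implicit-tls:TLSv1.2` on port 465 means the client has to start TLS before any SMTP dialogue; in Exim that is the smtp transport option `protocol = smtps`.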
