On Thursday, June 06, 2013 16:30:48, Roger Lynn wrote: > On 06/06/13 14:00, Chris Knadle wrote: > > On Wednesday, June 05, 2013 15:35:14, Marc Haber wrote: > >> On Sun, 2 Jun 2013 19:53:59 -0400, Chris Knadle > >> > >> <chris.kna...@coredump.us> wrote: > >> >Attempting to use an FQDN is also troublesome, because Exim tries to > >> >use DNS to look up the FQDN, and falls back to using 'uname -n' which > >> >returns the local hostname without a domain name. The SMTP RFCs > >> >require the HELO/HELO information to contain an FQDN or an IP address > >> >in [] brackets, and some mail systems reject connections containing > >> >non-conforming HELO/EHLO greetings. > >> > >> Smarthosts are usually a lot more forgiving in that regard. > > > > Maybe so, but the smarthosts I run aren't, so I don't have the > > expectation that others are. ACL rules for both Exim and Postfix for > > blocking noncompliant EHLO/HELO greetings are commonly suggested. > > The smarthosts run by ISPs that most people will be using by default have > to accept mail direct from MUAs such as Outlook and Thunderbird which will > often be unable to generate compliant greetings. The pickier settings are > more often used on incoming servers which expect to have proper SMTP > servers speaking to them.
I think that's true, however I'd still rather not _count on_ that always being the case. The RFCs accept [<IP_address>] such as [192.168.1.1] as a EHLO/HELO greeting, and that's something that's always available and should work with smarthosts that have more strict EHLO/HELO checks. > >> >> I don't think you need MAIN_TLS_ENABLE to to TLS as a client. > >> > > >> >Tested this... looks like this is true. :-) Cool. [I'm pretty sure > >> >this wasn't always the case, but I'm glad it is now.] > >> > >> Afair, it was always the case. > > > > Okay -- I'll take your word for it. ;-) > > The upstream spec for Exim 3.30 from 2001 says: "It is not necessary to set > any options to have TLS work in the smtp transport. If TLS is advertised by > a server, the smtp transport will attempt to start a TLS session." Yep, that's definitive. Thanks for taking the time to look this up. -- Chris -- Chris Knadle chris.kna...@coredump.us GPG Key: 4096R/0x1E759A726A9FDD74 -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201306062006.57082.chris.kna...@coredump.us
