[exim] Re (2): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.

Sat, 08 Apr 2023 11:25:07 -0700 

Andrew, thanks for replying.

From:   Andrew C Aitchison <e...@aitchison.me.uk>
Date:   Thu, 6 Apr 2023 22:53:30 +0100 (BST)

Ah. I have finally got my head around what you are attempting to do.


If not told otherwise, I'd have thought the stated objective is
trivial. Relay a message.  TLS not required within localhost.  TLS
required between localhost and smarthost.  What could be simpler?
Dropping TLS is bad practice in contemporary conditions.


If you need exim to send mail to port 465 on the "smarthost" you
cannot just tell it to send the mail ... that would go to port 25 ...


$ grep 465 /etc/exim4/update-exim4.conf.conf
dc_smarthost='mail.easthope.ca::465'

25 # 465


(and use starttls).


Opportunistic TLS (or STARTTLS) versus Implicit TLS (or TLS-on-connect)
has a history of confusion.  =8~/
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#cite_ref-tcp465_86-0
Even the use of multiple synonymous terms confuses novices.

Opportunistic TLS provides vulnerability.
https://en.wikipedia.org/wiki/Opportunistic_TLS#Weaknesses_and_mitigations

Phasing out of vulnerability and facilitation of security are good
practices.  =8~)

Appears the log I have now is complete; the last line has "terminating
with rc=0".  Rather than clutter the mailing list with mostly
insignificant data I put it here. http://easthope.ca/eximdebug.txt
If wanted in the mailing list, let me know.


You need exim to pretend to be an MUA/MSA.


?  A good MUA/MSA is here already.  It works when exim communicates to
smarthost port 587, STARTTLS.  My objective is a MTA described in
first lines above.


... I'm sending this now, while I reread the spec and consider how it
might be done, ...


Thanks.


... my first thought is that you need a transport especially for
this host ...


With very limited knowledge, creation of a transport is a formidable
challenge.  =8~/


... with options to force the connection to port 465 and
 tls-on-connect.


Yes for exim to smarthost.  MUA/MSA to exim is unencrypted, port 25.

Thanks,                                 ... P.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/






















					Reply via email to