[plug] Debian Sarge + Exim4 + Smarthost relay

Michael Hunt michael at aussie.oddsocks.net
Thu May 12 23:15:23 WST 2005


On Thu, 2005-05-12 at 22:02 +0800, Phillip wrote:

> Sorry to sabotage the thread but you wouldn't happen to know a Mathew Hunt?

Sorry no. But I do now have an answer to my problem !!!

> Phillip.
> 
> On 5/12/05, Michael Hunt <michael at aussie.oddsocks.net> wrote:
> > Hi ya all,
> > 
> > I have just noticed that over the last couple of days my ever reliable
> > sarge + exim4 + Arachnet as a smarthost mail server setup is now become
> > not so reliable.
> > 
> > /var/log/exim4/mainlog lists errors like the following :-
> > 
> > SMTP error from remote mailer after STARTTLS: host mx1.arach.net.au [203.30.44.129]:
> > 454 TLS missing certificate: error:0200100D:system library:fopen:Permission denied (#4.3.0):
> >
> > I'm assuming that because of the '454 TLS missing certificate' that
> > sometime during the setting up the connection to relay one end is trying
> > to authenticate the connection and fails. Since I currently don't need
> > to enter authentication details in evolution in order to use Arachnet's
> > smtp mail server, I'm assuming that the problem is at my end.

Well ... I got that wrong :-) This error appears to come from Arachnet's
end. Seems their server doesn't support TLS which debian's exim package
does by default. Found this out by telnet to port 25 and issuing a
STARTTLS command which gave me the same error. Doing a STARTTLS on my
mail server gave me a different response.

> > Some googling turned up some info that Debian's exim4 now supports TLS
> > by default and that my end probably hasn't had appropriate certificates
> > setup. So far I have always setup exim4 using debconf and filling in the
> > boxes and haven't had much experience with exim's conf files. If anyone
> > could point me to the appropriate changes for switching of TLS or tell
> > me how to generate certificates I would much appreciate the assistance.

A bit more googling helped me find this link :-

http://www.lars-schenk.com/modules.php?op=modload&name=News&file=article&sid=3

which pointed me to some seemingly necessary changes to the exim conf to
try and make it work. However after reading through
the /etc/exim4/exim4.conf.template file I came across the following
entry :-


remote_smtp_smarthost:
  ...
  tls_tempfail_tryclear = false ; I changed it to true :-)

and viola !!! My mail is now relayed !!!

Now just need to talk to Arachnet about them offering encrypted sessions
for their mail servers :-)

> > Of course if you think I am barking up the wrong tree then telling me so
> > would also be 'very' helpful too :-)

Well ... the two trees were _quite_ close together. 

> > Michael Hunt

Good night.

Michael Hunt




More information about the plug mailing list