Hi Andreas,
thanks for your support, very helpful, unfortunately ... it still
does not wokr out, no reason why...
On Mi, 30 Mai 2012, Andreas Metzler wrote:
> On 2012-05-30 Norbert Preining <prein...@logic.at> wrote:
> > On Di, 29 Mai 2012, Andreas Metzler wrote:
> [...]
> > > gnutls-cli --priority=NORMAL:%COMPAT:-VERS-TLS1.1:-VERS-TLS1.2 \
> > > smtp.jaist.ac.jp -p 465
> [...]
> > The only hickup was that at then end
> > > connect if the SSL/settings are modified (for 4.77
> > > gnutls_require_protocols and gnutls_compat_mode, for 4.80 (in
> > > experimental) simply set tls_require_ciphers to the abovementioned
> > > priority string.)
>
> > Now I tried to convince exim to do the same, but without success.
> > According to your remarks I set the foillowing variables in
> > /etc/exim4/conf.d/main/000_localmacros
>
> > DCsmarthost=smtp.jaist.ac.jp::465
> > gnutls_compat_mode=true
> > gnutls_require_protocols=NORMAL:%COMPAT:-VERS-TLS1.1:-VERS-TLS1.2
>
> Two things:
> * gnutls_require_protocols does not accept a GnuTLS string, it is a
> different syntax. "TLS1.0:SSL3
> * The respective setting needs to be on the transport. (The
> corresponding main configuration settings apply when exim is
> accepting mail on the SMTP port.)
Ok, I have now
gnutls_require_protocols="TLS1.0:SSL3"
and also tried
gnutls_require_protocols=TLS1.0:SSL3
added to the
conf.d/transport/30_exim4-config_remote_smtp_smarthost
as in:
remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
{\
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
}\
{} \
}
gnutls_require_protocols=TLS1.0:SSL3
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
.endif
...
Furthermore, in the main section I have added the
gnutls_compat_mode=true
(conf.d/main/000_localmacros)
update-exim4.conf (no warning)
exim restart (no warning)
delivering the message ends with:
2012-05-31 10:26:53 [5012] 1SZVOZ-0007rj-8Q SMTP timeout while connected to
smtp.jaist.ac.jp [150.65.19.12] after initial connection: Connection timed out
2012-05-31 10:26:53 [5009] 1SZVOZ-0007rj-8Q == prein...@logic.at R=smarthost
T=remote_smtp_smarthost defer (110): Connection timed out: SMTP timeout while
connected to smtp.jaist.ac.jp [150.65.19.12] after initial connection
> Nothing specific. I wozuld just hit them with the fact that
>
> openssl s_client -connect smtp.jaist.ac.jp:465
Ok, thanks.
> is far less used. There are broken servers around (see e.g.
> <http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5993>).
Thanks for the link.
Best wishes
Norbert
------------------------------------------------------------------------
Norbert Preining preining@{jaist.ac.jp, logic.at, debian.org}
JAIST, Japan TeX Live & Debian Developer
DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
------------------------------------------------------------------------
ELY (n.)
The first, tiniest inkling you get that something, somewhere, has gone
terribly wrong.
--- Douglas Adams, The Meaning of Liff
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
