On 2012-05-31 Norbert Preining <[email protected]> wrote: > On Do, 31 Mai 2012, Andreas Metzler wrote: > > > Furthermore, in the main section I have added the > > > gnutls_compat_mode=true > > > > This setting should also be on the transprt. - I actually wanted to
> I think I tried that, and update-exim4.conf gave me an error... You are right. The documentation is not correct in that respect, gnutls_compat_mode=true is only accepted as a main configuration option. [...] However, I have just installed exim4 4.77-1+b1 in my local sid chroot, configured to use jaist.ac.jp::587 as smarthost. Of course I cannot actually deliver, but can test connectivity. Without hand-tuning I get this ~: echo foo | exim -f '<>' -d+all [email protected] [...] 20:17:04 6076 150.65.19.12 in hosts_avoid_tls? no (option unset) 20:17:04 6076 SMTP>> STARTTLS 20:17:04 6076 waiting for data on socket 20:17:04 6076 read response data: size=14 20:17:04 6076 SMTP<< 220 Go ahead 20:17:04 6076 initializing GnuTLS as a client 20:17:04 6076 read D-H parameters from file 20:17:04 6076 initialized D-H parameters 20:17:04 6076 no TLS client certificate is specified 20:17:04 6076 initialized certificate stuff 20:17:04 6076 initialized GnuTLS session 20:17:05 6076 LOG: MAIN 20:17:05 6076 TLS error on connection to smtp.jaist.ac.jp [150.65.19.12] (gnutls_handshake): A TLS packet with unexpected length was received. 20:17:05 6076 ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1 first_address is not NULL [...] I have now set gnutls_compat_mode=true as main option and gnutls_require_protocols=TLS1.0:SSL3 on the remote_smtp_smarthost transport (exactly as you did, except for using non-split config): (SID)root@argenau:/# exim4 -bP transport remote_smtp_smarthost | grep gnutls_require_pro ; exim4 -bP | grep gnutls_compat gnutls_require_protocols = TLS1.0:SSL3 gnutls_compat_mode Works for me. ;-O ~: echo foo | exim -f '<>' -d+all [email protected] [...] 20:25:47 6862 150.65.19.12 in hosts_avoid_tls? no (option unset) 20:25:47 6862 SMTP>> STARTTLS 20:25:47 6862 waiting for data on socket 20:25:47 6862 read response data: size=14 20:25:47 6862 SMTP<< 220 Go ahead 20:25:47 6862 initializing GnuTLS as a client 20:25:47 6862 read D-H parameters from file 20:25:47 6862 initialized D-H parameters 20:25:47 6862 no TLS client certificate is specified 20:25:47 6862 initialized certificate stuff 20:25:47 6862 adjusted protocol priorities: 2 2 1 20:25:47 6862 lowering GnuTLS security, compatibility mode 20:25:47 6862 initialized GnuTLS session 20:25:48 6862 cipher: TLS1.0:RSA_AES_256_CBC_SHA1:32 20:25:48 6862 SMTP>> EHLO argenau 20:25:48 6862 tls_do_write(ff9a673b, 14) 20:25:48 6862 gnutls_record_send(SSL, ff9a673b, 14) 20:25:48 6862 outbytes=14 20:25:48 6862 waiting for data on socket 20:25:48 6862 Calling gnutls_record_recv(f8d58f40, ff9a473b, 4096) 20:25:48 6862 read response data: size=106 20:25:48 6862 SMTP<< 250-mailrelayi.jaist.ac.jp 20:25:48 6862 250-8BITMIME 20:25:48 6862 250-SIZE 104857600 20:25:48 6862 250-AUTH PLAIN LOGIN 20:25:48 6862 250 AUTH=PLAIN LOGIN cu andreas -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
