Il giorno mer 8 gen 2025 alle ore 12:11 Slavko via Exim-users <[email protected]> ha scritto: > I afraid, that IP will not work, the "*" is not good to use, > but can be really good while investigating the problem. > > It is not tried for hostname you configured for smarthost, > but by name of its IP (PTR name, or even name from cert?), > for smarthost they can differ. Thus you have to carefully > inspect, which name your smarthost reports/use.
I've tried everything and currently using "*", so it should be good, at least for this testing phase. > The second problem can be, as stated in subject, invalid > certficate. AFAIK Debian's smarthost transport doesn't > verify it (by default), and thus it can be happy with > self-signed and/or not matching CN/SAN (i am not sure > with expired now), but cert still can be invalid for > underlying TLS library (GnuTLS in Debian) for some reason. I can bypass the crypted connection, but smtp auth still doesn't work > And if TLS fails, the smarthost can not advertise AUTH > over plain connection, thus no AUTH attempts... I would > test with gnutls-cli (or openssl s_client) to check, if > (START)TLS can be established over destination port. AUTH is advertised, i've checked it by setting the smarthost address/port to a blocked port, triggering a timeout in the exim client. The timout keep the message in the queue. So i've replaced the smarthost to a working port and flush the queue in verbose mode, in this way i can see the full smtp workflow and AUTH is adverties: AUTH PLAIN LOGIN coming from the smarthost, but the exim client still doesn't send the auth. > > You can stop exim's system service and run it from shell > in foreground with appropriate debug options, and then > watch what happens on delivery attempts. It's a production server, running from command line with full debug it's impossible, i'll get flooded by request. Any idea how to enable a full-debug only for requests coming from a particular ip ? -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## [email protected] ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
