# exim with smarthost requiring smtp-auth smtp-over-ssl/tls

## VooDooPriest

Hi!

I'm trying to set up a local exim server which delivers my mail through my university's mailserver, unfortunately the university's mail server requires to be connected to with ssl on port 465, uses tls and smtp-auth ...

so far I made the following changes to the tls enabled build of exim .. well to the config:

```
[...]
tls_on_connect_ports = 465
...
begin routers
smarthost:
 driver = manualroute
 transport = remote_smtp
 route_list = "* mailmaster.uni-wuerzburg.de"
....
remote_smtp:
  driver = smtp
  hosts_try_auth = mailmaster.uni-wuerzburg.de
  hosts_require_tls = mailmaster.uni-wuerzburg.de
..
fixed_plain:
  driver = plaintext
  public_name = PLAIN
  client_send = ^me^mypass
```

what else do i need? so far the log says: stopped receiving data after initial connection

any suggestions? or someone with a similar setup who could give me some tips?

thanx

----------

## adaptr

Actual log output would be nice, and you could try upping the log level for the duration.

Not everything is logged by default; read the Exim spec on how to change this.

----------

## VooDooPriest

i have invoked the exim server manually with:

```
exim -bd -q15m -d+all
```

so i hope this gives me the full logging:

```
09:22:34  1028 delivering 1EQgNF-0000GS-KC to mailmaster.uni-wuerzburg.de [132.187.3.40] (danbala@gmx.net)
09:22:34  1028 set_process_info:  1028 delivering 1EQgNF-0000GS-KC to mailmaster.uni-wuerzburg.de [132.187.3.40] (danbala@gmx.net)
09:22:34  1028 expanding: $primary_hostname
09:22:34  1028    result: localhost
09:22:34  1022 set_process_info:  1022 delivering 1EQgNF-0000GS-KC: waiting for a remote delivery subprocess to finish
09:22:34  1022 selecting on subprocess pipes
09:22:34  1028 Connecting to mailmaster.uni-wuerzburg.de [132.187.3.40]:465 ... connected
09:22:34  1028 waiting for data on socket
09:23:34  1022 selecting on subprocess pipes
09:24:34  1022 selecting on subprocess pipes
09:25:34  1022 selecting on subprocess pipes
09:26:34  1022 selecting on subprocess pipes
09:27:19   494 child 495 ended: status=0x0
09:27:19   494 0 queue-runner processes now running
09:27:19   494 Listening...
09:27:34  1022 selecting on subprocess pipes
09:27:34  1028 ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1 first_address is not NULL
09:27:34  1028 LOG: MAIN
09:27:34  1028   SMTP timeout while connected to mailmaster.uni-wuerzburg.de [132.187.3.40] after initial connection: Connection timed out
09:27:34  1028 set_process_info:  1028 delivering 1EQgNF-0000GS-KC: just tried mailmaster.uni-wuerzburg.de [132.187.3.40] for danbala@gmx.net: result DEFER
09:27:34  1028 added retry item for T:mailmaster.uni-wuerzburg.de:132.187.3.40:465: errno=110 more_errno=0,A flags=2
09:27:34  1028 all IP addresses skipped or deferred at least one address
09:27:34  1028 locking /var/spool/exim/db/wait-remote_smtp.lockfile
09:27:34  1028 locked /var/spool/exim/db/wait-remote_smtp.lockfile
09:27:34  1028 EXIM_DBOPEN(/var/spool/exim/db/wait-remote_smtp)
09:27:34  1028 returned from EXIM_DBOPEN
09:27:34  1028 opened hints database /var/spool/exim/db/wait-remote_smtp: flags=2
09:27:34  1028 dbfn_read: key=mailmaster.uni-wuerzburg.de
09:27:34  1028 dbfn_write: key=mailmaster.uni-wuerzburg.de
09:27:34  1028 Leaving remote_smtp transport
09:27:34  1028 set_process_info:  1028 delivering 1EQgNF-0000GS-KC (just run remote_smtp for danbala@gmx.net in subprocess)
09:27:34  1028 search_tidyup called
09:27:34  1022 reading pipe for subprocess 1028 (not ended)
09:27:34  1022 read() yielded 16
09:27:34  1022 selecting on subprocess pipes
09:27:34  1022 reading pipe for subprocess 1028 (not ended)
09:27:34  1022 read() yielded 5
09:27:34  1022 selecting on subprocess pipes
09:27:34  1022 reading pipe for subprocess 1028 (not ended)
09:27:34  1022 read() yielded 157
09:27:34  1022 reading retry information for T:mailmaster.uni-wuerzburg.de:132.187.3.40:465 from subprocess
09:27:34  1022   added retry item
09:27:34  1022 selecting on subprocess pipes
09:27:34  1022 reading pipe for subprocess 1028 (not ended)
09:27:34  1022 read() yielded 115
09:27:34  1022 selecting on subprocess pipes
09:27:34  1022 reading pipe for subprocess 1028 (not ended)
09:27:34  1022 read() yielded 2
09:27:34  1022 Z0 item read
09:27:34  1022 remote delivery process 1028 ended
09:27:34  1022 set_process_info:  1022 delivering 1EQgNF-0000GS-KC
09:27:34  1022 post-process danbala@gmx.net (1)
09:27:34  1022 LOG: MAIN
09:27:34  1022   == danbala@gmx.net R=smarthost T=remote_smtp defer (110): Connection timed out: SMTP timeout while connected to mailmaster.uni-wuerzburg.de [132.187.3.40] after initial connection
09:27:34  1022 >>>>>>>>>>>>>>>> deliveries are done >>>>>>>>>>>>>>>>
```

or is there a way to activate even more logging?

(sorry i find the exim documentation quite a bit confusing :) )

thanx

----------

## adaptr

It can be quite confusing at first, but Exim has - luckily - the most extensive documentation of any Unix mail server.

You can see here where it happens, at least: it tries to connect, fails, and defers the message internally to try again later.

IOW it is definitely a connection problem - the SSL connection on port 465 isn't even made.

Find out whether the uni wants you to use SSL throughout or if you should switch to starttls.

Or what kind of encryption they want for your logon - PLAIN simply isn't very secure.

As for the logging: the option is log_selector, read this: http://www.exim.org/exim-html-4.50/doc/html/spec_48.html#SECT48.15

----------

## VooDooPriest

ok, but as it seems the -d+all commandline option does the same as log_selector = +all,

the valid login methods are plain and login, i have tried that with evolution.

it only works in evolution if I insert the smtp as ssl connection (465) and tls (secure)

I'd have asked the admin of the server, but till now they didn't answer, (didn't expect that ... they are, well, let's say less than cooperative :) )

----------

## VooDooPriest

i got this answer on the exim-user mailing list:

Exim doesn't support tls-on-connect as a client. If the university won't allow you to submit mail with STARTTLS on ports 587 or 25, then you'll have to use stunnel or something to tunnel the connection over ssl.

so it seems ... exim can't hold up to its reputation ...

well then: exim's dead :) long live sendmail

----------
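An added diagnostic, not code from the thread or from Exim: it checks who speaks first on an SMTP port, which separates the silent port 465 seen in the debug log (the server waits for a TLS handshake while the client waits for a `220` banner) from a port that offers STARTTLS. The two loopback listeners and the names `mx.example` and `probe.example` are constructed for the demo.

```python
import socket
import threading

def classify_smtp_port(host, port, wait=1.0):
    """Return 'silent', 'starttls', 'plaintext-only' or 'unknown' for an SMTP port."""
    with socket.create_connection((host, port), timeout=wait) as s:
        try:
            banner = s.recv(512)      # a plaintext client waits here for "220 ..."
        except socket.timeout:
            return "silent"           # server expects a TLS ClientHello first (465 style)
        if not banner.startswith(b"220"):
            return "unknown"
        s.sendall(b"EHLO probe.example\r\n")
        reply = b""                   # final EHLO line is "250 text", earlier ones "250-text"
        try:
            while not (reply.endswith(b"\r\n") and b"\r\n250 " in b"\r\n" + reply):
                chunk = s.recv(512)
                if not chunk:
                    break
                reply += chunk
            s.sendall(b"QUIT\r\n")
        except OSError:
            pass                      # timeout or reset: classify what was received
    keywords = {l[4:].strip().upper() for l in reply.decode("ascii", "replace").splitlines()}
    return "starttls" if "STARTTLS" in keywords else "plaintext-only"

def serve_once(handler):              # constructed loopback listener for the demo
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            handler(conn)
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]       # port chosen by the OS

def implicit_tls_like(conn):
    conn.recv(512)                    # says nothing until the client speaks

def starttls_capable(conn):
    conn.sendall(b"220 mx.example ESMTP\r\n")
    conn.recv(512)                    # EHLO
    conn.sendall(b"250-mx.example\r\n250-STARTTLS\r\n250 AUTH PLAIN LOGIN\r\n")
    conn.recv(512)                    # QUIT

if __name__ == "__main__":
    for h in (implicit_tls_like, starttls_capable):
        print(h.__name__, classify_smtp_port("127.0.0.1", serve_once(h), wait=0.5))
```

A `silent` result on 465 together with `starttls` on 587 or 25 means the Exim client can use the STARTTLS port directly; `silent` everywhere means a TLS wrapper such as stunnel is needed in front of it.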

