
I'm trying to get Exim to use STARTTLS to send emails that are just FORWARDS.

I have a server accepting email at example-accepting.com for users. So I want user@example-accepting.com to forward all email to user@example.com. If I do this from the command line on example-accepting.com...

    echo "test" | mail -s "ssl/tls test" user@example.com

Success!! Sent via TLS. BUT, if I send an email to user@example-accepting.com the forward fails: it's NOT being sent via TLS. I've tried both forwarding the email via /etc/aliases and the user .forward file. The email is indeed sent, but NOT via TLS.

Why is it that when I run "mail" from the command line it's working like it should, but a .forward is not using TLS?

Thanks

Blake

2 Answers


I would try setting hosts_require_tls to include the domain you are forwarding to. This should cause Exim to always use TLS for the server. This may need to be set on all transports using the smtp driver. (Some configurations have multiple smtp transports.)

EDIT: If it works from the command line, then your configuration appears correct. It is possible that your running daemon is running an old configuration. You could test this with a command like

sendmail -odq -fyou@example.com you@example.com
Subject: Test message

test
.

This should add the message to the queue. It will be delivered the next time the queue is run. Check that message to see if it was delivered using TLS. You can get Exim to reload its configuration by sending it a HUP signal. The command exiwhat should tell you the PID of the Exim daemon.

BillThor
  • Wouldn't this do it? In /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp I have hosts_require_tls = * – Blake Oct 14 '13 at 22:09
  • Also, it *is* using TLS from the command line, but it's not when the email is sent via /etc/aliases or a .forward file. – Blake Oct 14 '13 at 22:12
  • It is possible another transport is handling the request. Try setting hosts_require_tls at the top of the configuration. It should apply to all transports when set there. – BillThor Oct 15 '13 at 12:59
  • No, `hosts_require_tls` is an SMTP Transport option, it needs to be set on a particular transport, it can not be set in the main section of the configuration. There are no general rules that Transport options can be set in Main. – Phil P Oct 25 '13 at 05:55
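To check "whether that message was delivered using TLS" across a whole log rather than one queue run, the following added example (not from either answer) scans Exim mainlog delivery lines. It assumes the default log format, where a remote delivery line (`=>`, `T=remote_smtp`) that negotiated TLS carries an `X=` cipher field (the `tls_cipher` log selector, on by default); the log lines are constructed sample data, not real output.

```sh
#!/bin/sh
# Constructed sample of Exim mainlog lines (not real log data):
#  1. remote delivery that negotiated TLS (has X= cipher field)
#  2. forwarded remote delivery that went out in clear text (no X=)
#  3. local delivery (no remote hop, TLS not applicable)
#  4. inbound message (<=), ignored by the check
SAMPLE_LOG='2013-10-14 22:09:01 1VVxxx-0001aB-Cd => user@example.com R=dnslookup T=remote_smtp H=mail.example.com [192.0.2.4] X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256 C="250 OK"
2013-10-14 22:12:33 1VVxyz-0001aC-De => user@example.com <user@example-accepting.com> R=dnslookup T=remote_smtp H=mail.example.com [192.0.2.4] C="250 OK"
2013-10-14 22:13:10 1VVxyz-0001aD-Ef => local_user <local_user@example-accepting.com> R=localuser T=local_delivery
2013-10-14 22:14:00 1VVxyz-0001aE-Fg <= sender@example.org H=[198.51.100.7] P=esmtp S=1234'

# Print one line per remote delivery (=> via remote_smtp) that shows no
# X= cipher field, i.e. was handed to the next hop without TLS.
# Output: "<message-id> <recipient> <remote-host>".
plaintext_deliveries() {
    printf '%s\n' "$1" | awk '
        / => / && /T=remote_smtp/ && !/ X=/ {
            host = "-"
            for (i = 1; i <= NF; i++)
                if ($i ~ /^H=/) host = substr($i, 3)
            print $3, $5, host
        }
    '
}

# Number of clear-text remote deliveries in the given log text.
count_plaintext() {
    plaintext_deliveries "$1" | wc -l | tr -d ' '
}

# Stand-alone usage: run against the constructed sample.
plaintext_deliveries "$SAMPLE_LOG"
```

On a live system replace `$SAMPLE_LOG` with the contents of /var/log/exim4/mainlog (or wherever your Exim writes its main log).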

You have some kind of constraint on which router can be used, which is being applied based on some local configuration. Perhaps you set some $acl_m_foo data in an ACL which is later evaluated in a router, perhaps the relevant router is checking $sender_host_address.

Use exim -bt user@example.com to see how Exim normally routes mails to that address, and use exim -bh 192.0.2.4 -bt user@example.com to see the decisions made when Exim assumes that the message was sent from 192.0.2.4. To see more data, use the -d option, for debugging, which also takes a bunch of tags to turn on even more debugging (eg, -d+expand+acl).

In a normal configuration, routers only look at the recipient, not the sender, so if recipient A is routed such that TLS is used for a mail submitted locally, it will do so if the message came in remotely. Exim is powerful and flexible enough that you can shoot yourself in the foot, though.

Phil P