Is there an Exim directives configuration explained?

[Klymax]

Hello.

I'm looking for a documentation on Exim's configuration file(s), that tells exactly what value or values should be entered in a particular directive, and exactly in what section of the file the directive should be placed.

On the official Exim documentation, they only mention what a particular directive is capable to do, but they don't tell us the possible and/or correct values, nor they tell where in the entire config file the directive have to be placed.

Well, thanks in advance guys.

~ceci

 

[cPanelLauren]

That would be a ton of documentation, to narrow it down can you point me in the direction of what you're looking to do specifically?

 

[Klymax]

Hi Lauren.
Of course.

I got this log:

2020-01-10 12:38:10.133 [1419] 1ipwMT-0000Mt-DB <= [email protected] H=(compras2) [201.222.[I].[/I]]:30589 I=[65.60.[I].[/I]]:25 P=esmtpa L- A=dovecot_login:[email protected] S=69568 M8S=0 RT=0.723s [email protected] T="correo de prueba" from <[email protected]> for [email protected]
2020-01-10 12:38:10.173 [1422] 1ipwMT-0000Mt-DB Sender identification U=enercp D=senderdomain.com [email protected]
2020-01-10 12:38:10.173 [1422] 1ipwMT-0000Mt-DB SMTP connection outbound 1578670690 1ipwMT-0000Mt-DB senderdomain.com [email protected]
2020-01-10 12:38:11.906 [1425] 1ipwMT-0000Mt-DB TLS session: (SSL_connect): error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol: delivering unencrypted to H=mx-server.remotedomain.com [200.108.[I].[/I]] (not in hosts_require_tls)
2020-01-10 12:38:13.307 [1422] 1ipwMT-0000Mt-DB => [email protected] F=<[email protected]> P=<[email protected]> R=lookuphost T=remote_smtp S=71049 H=mx-server.remotedomain.com [200.108.[I].[/I]]:25 I=[65.60.[I].[/I]]50388 L C="250 ok 1578670697 qp 28368" QT=3.898s DT=1.370s
2020-01-10 12:38:13.307 [1422] 1ipwMT-0000Mt-DB Completed QT=3.899s

And the advice is to set the directive hosts_avoid_tls with the IP(s) of the server that Exim should not try to start a TLS session.
In another post, it says that this directive must go in the remote_smtp serction.

And of course, the line that throws the error is:

2020-01-10 12:38:11.906 [1425] 1ipwMT-0000Mt-DB TLS session: (SSL_connect): error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol: delivering unencrypted to H=mx-server.remotedomain.com [200.108.-.-] (not in hosts_require_tls)

I try this, but nothing. So I wanna know how and where to set a particular value.

 

[cPanelLauren]

Hello,

There really isn't a configurable setting for this in cPanel/WHM's Exim Configuration Manager. This is occurring because the server does not accept SSL connections. The only real way around this is to allow SSLv3 connections on the server.

 

[Klymax]

Hello Lauren.
Thank you for your help.

I got 2 questions:

The server that does not accept SSL connections, is the remote server, right?
and
Can this be done on a per-domain basis? I mean, allowing SSLv3 for some MX servers.

Again, thank you!

 

[cPanelLauren]

The server that does not accept SSL connections, is the remote server, right?
and

Correct, and the only way your mail is being sent over an SSLv3 connection is in the instance you're using a mail client which utilizes this encryption method. Typically this is an older Outlook client.


You might look at the following threads:

Secure mail routing over TLS

We have relationships with some banks that are trying to implement some secure email. Is there any method that would force the server to send emails via TLS when sending email to a specific domain? We basically need to require that an email be secure from user -> mail server and from mail...

forums.cpanel.net

Forcing TLS to and from a specific domain in Exim

Hi, I need to require tls connections for a specific domain when emailing. I'm not familiar with the Exim advanced configuration editor and I don't see the settings needed in the "Add additional configuration setting" Research indicates to add to Exim configuration: hosts_require_tls =...

forums.cpanel.net

 

[Klymax]

Thank you Lauren.
I'll check the articles and comeback here to update the thread.

Blessings.

~ceci