Re: exim failure
In-reply-to: <[🔎] ZB52J1AguGBUmLog@axis.corp>
References: <[🔎] 9ef536feee6ec3ae2e3032d22e06dfde@easthope.ca>
<[🔎] ZB52J1AguGBUmLog@axis.corp>
From: David Wright <deblis@lionunicorn.co.uk>
Date: Fri, 24 Mar 2023 23:18:47 -0500
That looks fine, and shows that you're going to send through their
port 465, which will require TLS and authentication. So first you need
to encode your username and password with:
$ echo -e -n '\0username\0password' | base64
...
I logged in at https://islandhosting.com/login , dug down a few layers
and lucked onto this.
"Mail Client Manual Settings
...
Secure SSL/TLS Settings (Recommended)
Username: peter@easthope.ca
Password: Use the email account¶s password.
Incoming Server: mail.easthope.ca
IMAP Port: 993 POP3 Port: 995
Outgoing Server: mail.easthope.ca
SMTP Port: 465
IMAP, POP3, and SMTP require authentication."
No mention of STARTTLS or TLS on connect. Tried this
interactive run.
$ openssl s_client -starttls smtp -crlf -connect mail.easthope.ca:465
CONNECTED(00000003)
Didn't find STARTTLS in server response, trying anyway...
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 341 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
$
The server is using TLS on connect rather than STARTTLS?
TLS is seriously broken here?
================================================
Before trying the interactive process, checked a bunch of details
including instructions in https://wiki.debian.org/Exim. Generated
fresh /etc/exim4/exim.crt and /etc/exim4/exim.key.
Requested delivery of the last message in the queue.
$ exim -M 1pgCEl-00010a-4l
$ tail -n 1 /var/log/exim4/mainlog
2023-03-25 16:59:30 1pgCEl-00010a-4l == peter@easthope.ca R=smarthost
T=remote_s
mtp_smarthost defer (-37) H=easthope.ca [158.69.159.172]: TLS session:
(certific
ate verification failed)
==============================================
Notes from reviewing additional details.
Noticed that dnsmasq was absent. =8~/ Installed it.
Also found this.
root@imager:/home/root# cat /etc/resolv.conf
domain hitronhub.home
search hitronhub.home
nameserver 192.168.0.1
https://wiki.debian.org/dnsmasq gave a hint to add
127.0.0.1 as first line. So now this.
root@imager:/home/root# cat /etc/resolv.conf
nameserver 127.0.0.1
domain hitronhub.home
search hitronhub.home
nameserver 192.168.0.1
I didn't submit "hitronhub.home".
https://en.wikipedia.org/wiki/Top-level_domain#Rejected_domains
suggests, to me, that hitronhub.home is a contrivance of the Hitron
manufacturer. Came to resolv.conf during system installation? From
DHCP? Allows the Hitron box to intercept name resolution requests?
Necessary? A source of confusion? Isn't "nameserver 192.168.0.1"
enough?
Checked a few lookups for interest.
$ nslookup easthope.ca
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
Name: easthope.ca
Address: 158.69.159.172
$ nslookup mail.easthope.ca
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
mail.easthope.ca canonical name = easthope.ca.
Name: easthope.ca
Address: 158.69.159.172
$ nslookup islandhosting.com
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
Name: islandhosting.com
Address: 192.99.111.180
Name: islandhosting.com
Address: 2607:5300:60:925e::
$ nslookup hornby.islandhosting.com
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
Name: hornby.islandhosting.com
Address: 158.69.159.172
Name: hornby.islandhosting.com
Address: 2607:5300:203:66b5::
$ whois 192.99.111.180 | grep island
$ whois 158.69.159.172 | grep island
$
Neither IP gets islandhosting.com?
Thx, ... P.
Reply to: