Haack's Wiki

User Tools

Site Tools

Trace: nextcloud miscadmin mailserver selfhostedwp vmserver gitlab-ce synapse
computing:exim4

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
computing:exim4 [2021/10/30 18:41] oemb1905computing:exim4 [2025/12/27 20:20] (current) oemb1905
Line 184: Line 184:
 To delete all frozen emails and/or individually delete/read. To delete all frozen emails and/or individually delete/read.
  
-  exim -bp <message id> 
-  exim -Mrm <message id> 
-  exim -Mvh <message id> 
   exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash   exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash
 +
 +To read email body:
 +
 +  exim4 -Mvb <message id>
 +
 +To view the email header:
 +
 +  exim -Mvh <message id>
  
 TLS can pitch an annoying warning that states "TLS connections will fail. Suggested action: either install a certificate or change tls_advertise_hosts option."  I should not be getting this Warning, nor should I have to change any options in the config, since I am already advertising TLS and properly accepting smtp connections from it (see swaks output above).  Most online resources talk about getting this warning when it is a false positive, but in this case, it is false negative, meaning it is saying I don't have this but I do.  Here's how to suppress the irrelevant and in this case, incorrect, warning: TLS can pitch an annoying warning that states "TLS connections will fail. Suggested action: either install a certificate or change tls_advertise_hosts option."  I should not be getting this Warning, nor should I have to change any options in the config, since I am already advertising TLS and properly accepting smtp connections from it (see swaks output above).  Most online resources talk about getting this warning when it is a false positive, but in this case, it is false negative, meaning it is saying I don't have this but I do.  Here's how to suppress the irrelevant and in this case, incorrect, warning:
Line 199: Line 204:
 Just so you are clear, it will look like this: Just so you are clear, it will look like this:
  
 +{{ :computing:tls.png?400 |}}
 +
 +To stop the relay from barfing when clients with incomplete TLS emails through it, you can do the following on the client sending th email (not on the server/relay):
 +
 +  sudo nano /etc/exim4/exim4.conf.localmacros
 +  REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = !*
 +  systemctl restart exim4
 +  
 +For the Debian Trixie update, you have to delete your legacy ''/etc/default/exim4'' config. Use the new one it provides and - unless you have reason otherwise - leave it default/blank. Navigate to ''/etc/exim4/exim4.conf.localmacros'' and add the following at the bottom of the file (or create it and add this):
 +
 +  daemon_smtp_ports = 25 : 587 : 10025
 +  
 +I also found that hosts that previously passed a DNS check were now sending via IPv6 and, despite an A record being present in both ipv4 and ipv6, it was querying PTR. Before, when the clients under Bookworm sent with ipv4, exim4 was not checking PTR. I did not dive in to see whether a new default PTR check was enabled under Trixie. Rather, I decided to whitelist the "external" IPs of dedicated LAN-side nodes instead. Just add the ipv4 and ipv6 addresses in ''dc_relay_nets'' in your ''/etc/exim4/update-exim4.conf.conf'', for example:
  
 +<code bash>
 +dc_minimaldns='false'
 +dc_relay_nets='
 +domain.org;
 +sub.domain.org;
 +97.27.19.199;
 +2748:6d2:7571:b2f1:gceg:1ddd:fe12:27af;
 +'
 +dc_smarthost=''
 +</code>
  
- --- //[[jonathan@haacksnetworking.com|oemb1905]] 2021/10/30 12:05//+ --- //[[alerts@haacksnetworking.org|oemb1905]] 2025/12/27 20:12//
computing/exim4.1635619294.txt.gz · Last modified: by oemb1905

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki