Haack's Wiki

User Tools

Site Tools

Trace:
computing:exim4

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
computing:exim4 [2021/10/30 18:42] oemb1905computing:exim4 [2025/12/27 20:20] (current) oemb1905
Line 184: Line 184:
 To delete all frozen emails and/or individually delete/read. To delete all frozen emails and/or individually delete/read.
  
-  exim -bp <message id> 
-  exim -Mrm <message id> 
-  exim -Mvh <message id> 
   exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash   exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash
 +
 +To read email body:
 +
 +  exim4 -Mvb <message id>
 +
 +To view the email header:
 +
 +  exim -Mvh <message id>
  
 TLS can pitch an annoying warning that states "TLS connections will fail. Suggested action: either install a certificate or change tls_advertise_hosts option."  I should not be getting this Warning, nor should I have to change any options in the config, since I am already advertising TLS and properly accepting smtp connections from it (see swaks output above).  Most online resources talk about getting this warning when it is a false positive, but in this case, it is false negative, meaning it is saying I don't have this but I do.  Here's how to suppress the irrelevant and in this case, incorrect, warning: TLS can pitch an annoying warning that states "TLS connections will fail. Suggested action: either install a certificate or change tls_advertise_hosts option."  I should not be getting this Warning, nor should I have to change any options in the config, since I am already advertising TLS and properly accepting smtp connections from it (see swaks output above).  Most online resources talk about getting this warning when it is a false positive, but in this case, it is false negative, meaning it is saying I don't have this but I do.  Here's how to suppress the irrelevant and in this case, incorrect, warning:
Line 201: Line 206:
 {{ :computing:tls.png?400 |}} {{ :computing:tls.png?400 |}}
  
- --- //[[jonathan@haacksnetworking.com|oemb1905]] 2021/10/30 12:05//+To stop the relay from barfing when clients with incomplete TLS emails through it, you can do the following on the client sending th email (not on the server/relay): 
 + 
 +  sudo nano /etc/exim4/exim4.conf.localmacros 
 +  REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = !* 
 +  systemctl restart exim4 
 +   
 +For the Debian Trixie update, you have to delete your legacy ''/etc/default/exim4'' config. Use the new one it provides and - unless you have reason otherwise - leave it default/blank. Navigate to ''/etc/exim4/exim4.conf.localmacros'' and add the following at the bottom of the file (or create it and add this): 
 + 
 +  daemon_smtp_ports = 25 : 587 : 10025 
 +   
 +I also found that hosts that previously passed a DNS check were now sending via IPv6 and, despite an A record being present in both ipv4 and ipv6, it was querying PTR. Before, when the clients under Bookworm sent with ipv4, exim4 was not checking PTR. I did not dive in to see whether a new default PTR check was enabled under Trixie. Rather, I decided to whitelist the "external" IPs of dedicated LAN-side nodes instead. Just add the ipv4 and ipv6 addresses in ''dc_relay_nets'' in your ''/etc/exim4/update-exim4.conf.conf'', for example: 
 + 
 +<code bash> 
 +dc_minimaldns='false' 
 +dc_relay_nets=' 
 +domain.org; 
 +sub.domain.org; 
 +97.27.19.199; 
 +2748:6d2:7571:b2f1:gceg:1ddd:fe12:27af; 
 +
 +dc_smarthost='' 
 +</code> 
 + 
 + --- //[[alerts@haacksnetworking.org|oemb1905]] 2025/12/27 20:12//
computing/exim4.1635619344.txt.gz · Last modified: by oemb1905

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki