Differences

This shows you the differences between two versions of the page.

--- computing:exim4 [2024/12/13 04:51] – oemb1905
+++ computing:exim4 [2025/12/27 20:20] (current) – oemb1905
@@ Line 206: / Line 206: @@
 {{ :computing:tls.png?400 |}}
-On clients that do not have TLS set up, you can do:
+To stop the relay from barfing when clients with incomplete TLS emails through it, you can do the following on the client sending th email (not on the server/relay):
+  sudo nano /etc/exim4/exim4.conf.localmacros
   REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = !*
+  systemctl restart exim4
+For the Debian Trixie update, you have to delete your legacy ''/etc/default/exim4'' config. Use the new one it provides and - unless you have reason otherwise - leave it default/blank. Navigate to ''/etc/exim4/exim4.conf.localmacros'' and add the following at the bottom of the file (or create it and add this):
- --- //[[webmaster@haacksnetworking.org|oemb1905]] 2024/12/13 04:50//
+  daemon_smtp_ports = 25 : 587 : 10025
+I also found that hosts that previously passed a DNS check were now sending via IPv6 and, despite an A record being present in both ipv4 and ipv6, it was querying PTR. Before, when the clients under Bookworm sent with ipv4, exim4 was not checking PTR. I did not dive in to see whether a new default PTR check was enabled under Trixie. Rather, I decided to whitelist the "external" IPs of dedicated LAN-side nodes instead. Just add the ipv4 and ipv6 addresses in ''dc_relay_nets'' in your ''/etc/exim4/update-exim4.conf.conf'', for example:
+<code bash>
+dc_minimaldns='false'
+dc_relay_nets='
+domain.org;
+sub.domain.org;
+.27.19.199;
+:6d2:7571:b2f1:gceg:1ddd:fe12:27af;
+'
+dc_smarthost=''
+</code>
+ --- //[[alerts@haacksnetworking.org|oemb1905]] 2025/12/27 20:12//

Haack's Wiki

User Tools

Site Tools

Differences

Page Tools