Exim4 Error:An unexpected TLS packet was received.

libresociety · 2021 年5 月 19 日 15:55

From /var/log/exim4/main.log:

2021-05-19 23:38:51 1ljOB8-0001Ha-A0 == ?@outlook.com
R=smarthost T=remote_smtp_smarthost defer (-37)
H=HKG-efz.ms-acdc.office.com [52.98.37.34]:
TLS session: (gnutls_handshake): An unexpected TLS packet was received.

From /etc/default/exim4:

# /etc/default/exim4
EX4DEF_VERSION=''

# 'combined' -	 one daemon running queue and listening on SMTP port
# 'no'       -	 no daemon running the queue
# 'separate' -	 two separate daemons
# 'ppp'      -   only run queue with /etc/ppp/ip-up.d/exim4.
# 'nodaemon' - no daemon is started at all.
# 'queueonly' - only a queue running daemon is started, no SMTP listener.
# setting this to 'no' will also disable queueruns from /etc/ppp/ip-up.d/exim4
QUEUERUNNER='combined'
# how often should we run the queue
QUEUEINTERVAL='30m'
# options common to quez-runner and listening daemon
COMMONOPTIONS=''
# more options for the daemon/process running the queue (applies to the one
# started in /etc/ppp/ip-up.d/exim4, too.
QUEUERUNNEROPTIONS=''
# special flags given to exim directly after the -q. See exim(8)
QFLAGS=''
# Options for the SMTP listener daemon. By default, it is listening on
# port 25 only. To listen on more ports, it is recommended to use
# -oX 25:587:10025 -oP /run/exim4/exim.pid
SMTPLISTENEROPTIONS='-oX 465:25 -oP /run/exim4/exim.pid'

From etc/exim4/exim4.conf.localmacros:

MAIN_TLS_ENABLE = 1
REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = *
TLS_ON_CONNECT_PORTS = 465

~~REQUIRE_PROTOCOL = smtps~~
对于文件/etc/exim4/exim4.conf.template，我在
ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS ... .endif之后增加了
.ifdef REQUIRE_PROTOCO
protocol = REQUIRE_PROTOCOL
.endif
.ifdef MAIN_TLS_ENABLE之后增加了

.ifdef TLS_ON_CONNECT_PORTS
    tls_on_connect_ports = TLS_ON_CONNECT_PORTS
.endif

这是一个配置问题吗？

libresociety · 2021 年5 月 20 日 06:37

这是一个配置问题，smtp-mail.outlook.com是一个别名：

host smtp-mail.outlook.com
smtp-mail.outlook.com is an alias for outlook.office365.com.
outlook.office365.com is an alias for outlook.ha.office365.com.
outlook.ha.office365.com is an alias for outlook.ms-acdc.office.com.
outlook.ms-acdc.office.com is an alias for HKG-efz.ms-acdc.office.com.
HKG-efz.ms-acdc.office.com has address 40.100.54.226
HKG-efz.ms-acdc.office.com has address 40.100.54.210
HKG-efz.ms-acdc.office.com has address 40.100.54.242
HKG-efz.ms-acdc.office.com has address 40.100.2.82
HKG-efz.ms-acdc.office.com has IPv6 address 2603:1046:c02:1820::2
HKG-efz.ms-acdc.office.com has IPv6 address 2603:1046:c02:1838::2
HKG-efz.ms-acdc.office.com has IPv6 address 2603:1046:202:17::2
HKG-efz.ms-acdc.office.com has IPv6 address 2603:1046:202:16::2

在/etc/exim4/passwd.client中应该使用真正的主机名HKG-efz.ms-acdc.office.com。执行该操作后，问题解决。

对REQUIRE_PROTOCOL宏的配置是为了支持已废弃的 smtps 协议，这特定于电子邮件服务提供商，在这里是不需要的。

对REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS宏的配置是为了防止连接回退，如果这种情况是可接受的，则它是不必要的。

其余设置是为了使用本地安装的证书，以避免exim4在临时生成证书时发出抱怨。如果这种情况是可接受的，则这些配置是不必要的。