Exim will not try to start a TLS session when delivering to any host that
matches this list. See chapter &<<CHAPTLS>>& for details of TLS.
+.option hosts_verify_avoid_tls smtp "host list&!!" *
+.cindex "TLS" "avoiding for certain hosts"
+Exim will not try to start a TLS session for a verify callout,
+or when delivering in cutthrough mode,
+to any host that matches this list.
+Note that the default is to not use TLS.
+
.option hosts_max_try smtp integer 5
.cindex "host" "maximum number to try"
#endif
{ "hosts_try_auth", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
+#ifdef SUPPORT_TLS
+ { "hosts_verify_avoid_tls", opt_stringptr,
+ (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
+#endif
{ "interface", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, interface) },
{ "keepalive", opt_bool,
NULL, /* hosts_require_auth */
NULL, /* hosts_require_tls */
NULL, /* hosts_avoid_tls */
+ US"*", /* hosts_verify_avoid_tls */
NULL, /* hosts_avoid_pipelining */
NULL, /* hosts_avoid_esmtp */
NULL, /* hosts_nopass_tls */
uschar *hosts_require_auth;
uschar *hosts_require_tls;
uschar *hosts_avoid_tls;
+ uschar *hosts_verify_avoid_tls;
uschar *hosts_avoid_pipelining;
uschar *hosts_avoid_esmtp;
uschar *hosts_nopass_tls;
#ifdef SUPPORT_TLS
if (tls_offered &&
verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name,
- host->address, NULL) != OK)
+ host->address, NULL) != OK &&
+ verify_check_this_host(&(ob->hosts_verify_avoid_tls), NULL, host->name,
+ host->address, NULL) != OK
+ )
{
uschar buffer2[4096];
if ( !smtps
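Review bot: The combined condition at the `+` lines is not self-explanatory given the `US"*"` default assigned to hosts_verify_avoid_tls in the defaults block above: because `*` matches every host, the second verify_check_this_host() call returns OK by default and STARTTLS is never attempted for a callout or cutthrough connection unless an operator explicitly narrows that list. A short comment before the `if` would make the opt-in semantics visible at the point of decision, e.g. `/* TLS on callout/cutthrough connections is opt-in: hosts_verify_avoid_tls defaults to "*" */`. Note also that any return other than OK from either check (including a failed list expansion, if the helper reports that as non-OK) leads to attempting TLS, which is the safer direction but worth stating in the same comment if it is intended. The enclosing function starts and ends outside the hunk.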
-# Exim test configuration 5402
+# Exim test configuration 5410
exim_path = EXIM_PATH
host_lookup_order = bydns
driver = smtp
interface = HOSTIPV4
port = PORT_D
- hosts_avoid_tls = ${if eq {$address_data}{usery}{*}{:}}
+ hosts_avoid_tls = ${if eq {$address_data}{usery}{*}{:}}
+ hosts_verify_avoid_tls = ${if eq {$address_data}{userz}{*}{:}}
# End
-# Exim test configuration 5402
+# Exim test configuration 5420
exim_path = EXIM_PATH
host_lookup_order = bydns
driver = smtp
interface = HOSTIPV4
port = PORT_D
- hosts_avoid_tls = ${if eq {$address_data}{usery}{*}{:}}
+ hosts_avoid_tls = ${if eq {$address_data}{usery}{*}{:}}
+ hosts_verify_avoid_tls = ${if eq {$address_data}{userz}{*}{:}}
# End
1999-03-02 09:44:33 10HmbA-0005vi-00 >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbC-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmbB-0005vi-00 no immediate delivery: queued by ACL
+1999-03-02 09:44:33 10HmbC-0005vi-00 >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbB-0005vi-00"
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
1999-03-02 09:44:33 10HmbA-0005vi-00 >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbC-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmbB-0005vi-00 no immediate delivery: queued by ACL
+1999-03-02 09:44:33 10HmbC-0005vi-00 >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbB-0005vi-00"
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
# cutthrough_delivery to target oferring TLS
exim -DSERVER=server -bd -oX PORT_D
****
+# this one should succeed
exim -d-all+acl+transport+expand+lists -bs
EHLO myhost.test.ex
MAIL FROM:<eximtest@myhost.test.ex>
.
QUIT
****
-# via a transport setting never-tls
+# via a transport setting hosts_avoid_tls
+# so this one should not use TLS
+exim -d-all+acl+transport+expand+lists -bs
+EHLO myhost.test.ex
+MAIL FROM:<eximtest@myhost.test.ex>
+RCPT TO:<usery@domain.com>
+DATA
+
+.
+QUIT
+****
+# via a transport setting hosts_verify_avoid_tls
+# so this one should not use TLS
exim -d-all+acl+transport+expand+lists -bs
EHLO myhost.test.ex
MAIL FROM:<eximtest@myhost.test.ex>
-# cutthrough_delivery to target oferring TLS
+# cutthrough_delivery to target offering TLS
exim -DSERVER=server -bd -oX PORT_D
****
exim -d-all+acl+transport+expand+lists -bs
.
QUIT
****
-# via a transport setting never-tls
+# via a transport setting hosts_avoid_tls
+exim -d-all+acl+transport+expand+lists -bs
+EHLO myhost.test.ex
+MAIL FROM:<eximtest@myhost.test.ex>
+RCPT TO:<usery@domain.com>
+DATA
+
+.
+QUIT
+****
+# via a transport setting hosts_verify_avoid_tls
exim -d-all+acl+transport+expand+lists -bs
EHLO myhost.test.ex
MAIL FROM:<eximtest@myhost.test.ex>
expanding: ${if eq {$address_data}{usery}{*}{:}}
result: :
127.0.0.1 in hosts_avoid_tls? no (end of list)
+expanding: $address_data
+ result: userx
+expanding: userz
+ result: userz
+condition: eq {$address_data}{userz}
+ result: false
+expanding: *
+ result: *
+skipping: result is not used
+expanding: :
+ result: :
+expanding: ${if eq {$address_data}{userz}{*}{:}}
+ result: :
+127.0.0.1 in hosts_verify_avoid_tls? no (end of list)
SMTP>> STARTTLS
SMTP<< 220 TLS go ahead
SMTP>> EHLO myhost.test.ex
LOG: smtp_connection MAIN
SMTP connection from CALLER closed by QUIT
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+admin user
+ in hosts_connection_nolog? no (option unset)
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER
+expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ in pipelining_advertise_hosts? yes (matched "*")
+ in tls_advertise_hosts? yes (matched "*")
+expanding: SERVER
+ result: SERVER
+expanding: server
+ result: server
+condition: eq {SERVER}{server}
+ result: false
+expanding: queue
+ result: queue
+skipping: result is not used
+expanding: cutthrough
+ result: cutthrough
+expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ result: cutthrough
+using ACL "cutthrough"
+processing "accept"
+check control = cutthrough_delivery
+check verify = recipient
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: usery
+domain.com in "*"? yes (matched "*")
+----------- end verify ------------
+accept: condition test succeeded in ACL "cutthrough"
+----------- start cutthrough setup ------------
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: usery
+domain.com in "*"? yes (matched "*")
+Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
+expanding: $primary_hostname
+ result: myhost.test.ex
+ SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+127.0.0.1 in hosts_avoid_esmtp? no (option unset)
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
+ 250-SIZE 52428800
+ 250-8BITMIME
+ 250-PIPELINING
+ 250-STARTTLS
+ 250 HELP
+expanding: $address_data
+ result: usery
+expanding: usery
+ result: usery
+condition: eq {$address_data}{usery}
+ result: true
+expanding: *
+ result: *
+expanding: :
+ result: :
+skipping: result is not used
+expanding: ${if eq {$address_data}{usery}{*}{:}}
+ result: *
+127.0.0.1 in hosts_avoid_tls? yes (matched "*")
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
+ SMTP<< 250 OK
+ SMTP>> RCPT TO:<usery@domain.com>
+ SMTP<< 250 Accepted
+----------- end cutthrough setup ------------
+processing "accept"
+accept: condition test succeeded in inline ACL
+ SMTP>> DATA
+ SMTP<< 354 Enter message, ending with "." on a line by itself
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+condition: def:sender_rcvhost
+ result: false
+expanding: from $sender_rcvhost
+
+ result: from
+
+skipping: result is not used
+condition: def:sender_ident
+ result: true
+expanding: $sender_ident
+ result: CALLER
+expanding: from ${quote_local_part:$sender_ident}
+ result: from CALLER
+condition: def:sender_helo_name
+ result: true
+expanding: (helo=$sender_helo_name)
+
+ result: (helo=myhost.test.ex)
+
+expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ result: from CALLER (helo=myhost.test.ex)
+
+condition: def:received_protocol
+ result: true
+expanding: with $received_protocol
+ result: with local-esmtp
+condition: def:sender_address
+ result: true
+expanding: (envelope-from <$sender_address>)
+
+ result: (envelope-from <CALLER@myhost.test.ex>)
+
+condition: def:received_for
+ result: true
+expanding:
+ for $received_for
+ result:
+ for usery@domain.com
+PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+ SMTP>> .
+ SMTP<< 250 OK id=10HmbB-0005vi-00
+LOG: MAIN
+ >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbB-0005vi-00"
+ SMTP>> QUIT
+----------- cutthrough shutdown (delivered) ------------
+LOG: MAIN
+ <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+LOG: MAIN
+ Completed
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
******** SERVER ********
expanding: ${if eq {$address_data}{usery}{*}{:}}
result: :
127.0.0.1 in hosts_avoid_tls? no (end of list)
+expanding: $address_data
+ result: userx
+expanding: userz
+ result: userz
+condition: eq {$address_data}{userz}
+ result: false
+expanding: *
+ result: *
+skipping: result is not used
+expanding: :
+ result: :
+expanding: ${if eq {$address_data}{userz}{*}{:}}
+ result: :
+127.0.0.1 in hosts_verify_avoid_tls? no (end of list)
SMTP>> STARTTLS
SMTP<< 220 TLS go ahead
SMTP>> EHLO myhost.test.ex
LOG: smtp_connection MAIN
SMTP connection from CALLER closed by QUIT
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+admin user
+ in hosts_connection_nolog? no (option unset)
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER
+expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ in pipelining_advertise_hosts? yes (matched "*")
+ in tls_advertise_hosts? yes (matched "*")
+expanding: SERVER
+ result: SERVER
+expanding: server
+ result: server
+condition: eq {SERVER}{server}
+ result: false
+expanding: queue
+ result: queue
+skipping: result is not used
+expanding: cutthrough
+ result: cutthrough
+expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ result: cutthrough
+using ACL "cutthrough"
+processing "accept"
+check control = cutthrough_delivery
+check verify = recipient
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: usery
+domain.com in "*"? yes (matched "*")
+----------- end verify ------------
+accept: condition test succeeded in ACL "cutthrough"
+----------- start cutthrough setup ------------
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: usery
+domain.com in "*"? yes (matched "*")
+Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
+expanding: $primary_hostname
+ result: myhost.test.ex
+ SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+127.0.0.1 in hosts_avoid_esmtp? no (option unset)
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
+ 250-SIZE 52428800
+ 250-8BITMIME
+ 250-PIPELINING
+ 250-STARTTLS
+ 250 HELP
+expanding: $address_data
+ result: usery
+expanding: usery
+ result: usery
+condition: eq {$address_data}{usery}
+ result: true
+expanding: *
+ result: *
+expanding: :
+ result: :
+skipping: result is not used
+expanding: ${if eq {$address_data}{usery}{*}{:}}
+ result: *
+127.0.0.1 in hosts_avoid_tls? yes (matched "*")
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
+ SMTP<< 250 OK
+ SMTP>> RCPT TO:<usery@domain.com>
+ SMTP<< 250 Accepted
+----------- end cutthrough setup ------------
+processing "accept"
+accept: condition test succeeded in inline ACL
+ SMTP>> DATA
+ SMTP<< 354 Enter message, ending with "." on a line by itself
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+condition: def:sender_rcvhost
+ result: false
+expanding: from $sender_rcvhost
+
+ result: from
+
+skipping: result is not used
+condition: def:sender_ident
+ result: true
+expanding: $sender_ident
+ result: CALLER
+expanding: from ${quote_local_part:$sender_ident}
+ result: from CALLER
+condition: def:sender_helo_name
+ result: true
+expanding: (helo=$sender_helo_name)
+
+ result: (helo=myhost.test.ex)
+
+expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ result: from CALLER (helo=myhost.test.ex)
+
+condition: def:received_protocol
+ result: true
+expanding: with $received_protocol
+ result: with local-esmtp
+condition: def:sender_address
+ result: true
+expanding: (envelope-from <$sender_address>)
+
+ result: (envelope-from <CALLER@myhost.test.ex>)
+
+condition: def:received_for
+ result: true
+expanding:
+ for $received_for
+ result:
+ for usery@domain.com
+PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+ SMTP>> .
+ SMTP<< 250 OK id=10HmbB-0005vi-00
+LOG: MAIN
+ >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbB-0005vi-00"
+ SMTP>> QUIT
+----------- cutthrough shutdown (delivered) ------------
+LOG: MAIN
+ <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+LOG: MAIN
+ Completed
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
******** SERVER ********
354 Enter message, ending with "." on a line by itself\r
250 OK id=10HmbA-0005vi-00\r
221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at myhost.test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250-STARTTLS\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmbC-0005vi-00\r
+221 myhost.test.ex closing connection\r
354 Enter message, ending with "." on a line by itself\r
250 OK id=10HmbA-0005vi-00\r
221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at myhost.test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250-STARTTLS\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmbC-0005vi-00\r
+221 myhost.test.ex closing connection\r