[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: exim-tls just says "no, stupid!"



On Tue, Jun 17, 2003 at 01:17:38AM -0500, Will Trillich wrote:
| On Sun, Jun 15, 2003 at 10:42:45PM -0700, Vineet Kumar wrote:

| > What problems have you faced trying to get exim-tls up and
| > running?  I can share my config if you need it.
| 
| well, when i have the tls options enabled, eudora and outhouse
| excess both claim the server doesn't speak ssl/tls -- and
| sniffit shows only "EHLO <hostname>" and "QUIT" from the client,
| even tho telnetting in to port 25 (smtp) shows "STARTTLS" as an
| option.

That's, obviously!, a client bug.  :-)

I recall reading something about Outhouse not supporting STARTTLS and
the "solution" is to run a TLS-always daemon on a separate port.  Then
tell outhouse to use that other port instead.  Kinda like HTTP vs.
HTTPS where it's an all-or-nothing deal (even though STARTTLS is a
better approach).

| (certificate and public key seem okay; i'm even able to grok the
| syntax to have an authenticator pull password fields out of a
| "htpasswd"-created file...)

That sounds good.

May I suggest using exim or some other Debian tool to verify that exim
itself is working with TLS (and/or AUTH)?

(the AUTH PLAIN part is easy, using telnet)

| (not to mention what machinations i have to do to the windo~1
| client software to get it to grok tls correctly...)

This is where things get icky.  But that's just M********.  You're
well aware of that already, though.  That's why I recommend using
well-known and well-documented (debian) tools to verify your exim
config before attempting to jump through hoops in Redmond.

BTW, I *think* I have exim working with TLS, but
    1)  I am using exim 4, not 3.x
    2)  I don't actually use it apart from testing way back when I
            configured it, so I don't remember if it is actually there
            or not.  If you want to experiment with it, you're welcome
            to.  Just let me know before hand because, IIRC, I have
            STARTTLS only advertised to certain clients.

HTH,
-D

-- 
Q: What is the difference betwee open-source and commercial software?
A: If you have a problem with commercial software you can call a phone
   number and they will tell you it might be solved in a future version.
   For open-source sofware there isn't a phone number to call, but you
   get the solution within a day.
 
http://dman.ddts.net/~dman/

Attachment: pgp2HWrBcSAsC.pgp
Description: PGP signature


Reply to: