
Re: exim-tls just says "no, stupid!"



On Tue, Jun 17, 2003 at 11:53:42AM -0500, Will Trillich wrote:
| On Tue, Jun 17, 2003 at 11:42:34AM -0400, Derrick 'dman' Hudson wrote:
| > On Tue, Jun 17, 2003 at 01:17:38AM -0500, Will Trillich wrote:
| > | (certificate and public key seem okay; i'm even able to grok the
| > | syntax to have an authenticator pull password fields out of a
| > | "htpasswd"-created file...)
| > 
| > That sounds good.
| > 
| > May I suggest using exim or some other Debian tool to verify that exim
| > itself is working with TLS (and/or AUTH)?
| > 
| > (the AUTH PLAIN part is easy, using telnet)
| 
| i can probably find the exim testing options (didn't think to
| look, of course -- thanks!)

To test AUTH PLAIN :
    First enable AUTH without TLS in exim.  (I don't remember what the
    tricks are with exim 3.  If you see "250-AUTH PLAIN" in response
    to an EHLO command then this is the case)

    Second, properly encode the data to send to the server.  Eg for a
    user "me" with password "pass" :
        $ echo -ne '\0me\0pass' | base64-encode
        AG1lAHBhc3M=

    Then with telnet try it :
        $ telnet localhost smtp
        ehlo foo
        auth plain AG1lAHBhc3M=

You should see a 2xx (or is it 3xx?) acceptance of the AUTH.  If you
see 4xx or 5xx something is wrong, check the logs.

| but "other debian tool" is a bit vague. what would i apt-cache
| search for?

Anything that does ESMTP with STARTTLS.  I imagine that Mozilla Mail,
KMail, Evolution, and others, do this.  I know that mutt does not.

| > BTW, I *think* I have exim working with TLS, but
| >     1)  I am using exim 4, not 3.x
| 
| i'm using woody/stable:
| 	$ exim -bV
| 	Exim version 3.35 #1 built 04-Mar-2002 23:05:40
| 	Copyright (c) University of Cambridge 2001

Say, just today I noticed that exim4 is in sid now.  It looks (based
on expanding the archives and seeing what files are in the package)
like the packagers did a nice job too.  The config is now separated
into multiple files in a well-organized fashion based on the sections.
In addition they appear to have included the dynamic loading
local_scan patch available on the 'net.  If I wasn't going to end up
with package conflicts from it I'd upgrade to it now :-).  YMMV.

| >     2)  I don't actually use it apart from testing way back when I
| >             configured it, so I don't remember if it is actually there
| >             or not.  If you want to experiment with it, you're welcome
| >             to.  Just let me know beforehand because, IIRC, I have
| >             STARTTLS only advertised to certain clients.
| 
| "want to experiment with it" means... what? :)

Meaning use my machine to relay to yourself.  You would inject a
message into exim on your machine.  Your exim would route it through
my machine and use TLS and AUTH in the process.  If that works, then
you have a functioning TLS set up.

| > Q: What is the difference betwee open-source and commercial software?
| s/wee/ween/

Oops!  :-).

| > A: If you have a problem with commercial software you can call a phone
| >    number and they will tell you it might be solved in a future version.
| >    For open-source software there isn't a phone number to call, but you
| >    get the solution within a day.
| 
| well put!

Shamelessly copied from one of Bram Moolenaar's sigs.

-D

-- 
He who spares the rod hates his son,
but he who loves him is careful to discipline him.
        Proverbs 13:24
 
http://dman.ddts.net/~dman/
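
The AUTH PLAIN test described in the message above, as an added Python example that is not part of the original post: it builds and decodes the token, checks an EHLO reply for password mechanisms offered without TLS, and classifies the server's answer. The function names and the sample EHLO reply are constructed for illustration; the reply codes (235 success, 334 continuation) are those of RFC 4954.

```python
import base64

# Constructed sample: an EHLO reply from a server offering AUTH before TLS.
SAMPLE_EHLO = """250-mail.example.org Hello foo [127.0.0.1]
250-SIZE
250-PIPELINING
250-AUTH PLAIN
250-STARTTLS
250 HELP"""

def encode_plain(user, password, authzid=""):
    """AUTH PLAIN initial response: base64(authzid NUL user NUL password)."""
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_plain(token):
    """Recover the fields from a token; base64 hides nothing on the wire."""
    authzid, user, password = base64.b64decode(token, validate=True).split(b"\0")
    return authzid.decode(), user.decode(), password.decode()

def auth_mechanisms(ehlo_reply):
    """Mechanisms from '250-AUTH ...' lines (also the old 'AUTH=...' form)."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        words = line[4:].upper().replace("=", " ").split()
        if line[:3] == "250" and words and words[0] == "AUTH":
            mechs.update(words[1:])
    return mechs

def cleartext_password_risk(ehlo_reply, tls_active):
    """True when PLAIN or LOGIN is offered on a session without TLS."""
    return not tls_active and bool(auth_mechanisms(ehlo_reply) & {"PLAIN", "LOGIN"})

def classify_auth_reply(line):
    """Map the server's reply to AUTH onto an outcome (codes per RFC 4954)."""
    code = line[:3]
    if code == "235":
        return "accepted"
    if code == "334":
        return "server expects more data"
    if code[:1] == "4":
        return "temporary failure, check the logs"
    if code[:1] == "5":
        return "rejected, check the logs"
    return "unexpected reply"

if __name__ == "__main__":
    print(encode_plain("me", "pass"))
    print(decode_plain("AG1lAHBhc3M="))
    print(cleartext_password_risk(SAMPLE_EHLO, tls_active=False))
    print(classify_auth_reply("235 Authentication succeeded"))
```

Because the token decodes back to the password with no key, enabling AUTH without TLS is suitable only for the local test; the same EHLO reply seen after STARTTLS would not be flagged.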
