On Tue, Jun 17, 2003 at 11:53:42AM -0500, Will Trillich wrote:
| On Tue, Jun 17, 2003 at 11:42:34AM -0400, Derrick 'dman' Hudson wrote:
| > On Tue, Jun 17, 2003 at 01:17:38AM -0500, Will Trillich wrote:
| > | (certificate and public key seem okay; i'm even able to grok the
| > | syntax to have an authenticator pull password fields out of a
| > | "htpasswd"-created file...)
| >
| > That sounds good.
| >
| > May I suggest using exim or some other Debian tool to verify that exim
| > itself is working with TLS (and/or AUTH)?
| >
| > (the AUTH PLAIN part is easy, using telnet)
|
| i can probably find the exim testing options (didn't think to
| look, of course -- thanks!)

To test AUTH PLAIN :

First enable AUTH without TLS in exim. (I don't remember what the
tricks are with exim 3. If you see "250-AUTH PLAIN" in response
to an EHLO command then this is the case)

Second, properly encode the data to send to the server. Eg for a
user "me" with password "pass" :

    $ echo -ne '\0me\0pass' | base64-encode
    AG1lAHBhc3M=

Then with telnet try it :

    $ telnet localhost smtp
    ehlo foo
    auth plain AG1lAHBhc3M=

You should see a 2xx (or is it 3xx?) acceptance of the AUTH. If you
see 4xx or 5xx something is wrong, check the logs.

| but "other debian tool" is a bit vague. what would i apt-cache
| search for?
Anything that does ESMTP with STARTTLS. I imagine that Mozilla Mail,
KMail, Evolution, and others, do this. I know that mutt does not.
| > BTW, I *think* I have exim working with TLS, but
| > 1) I am using exim 4, not 3.x
|
| i'm using woody/stable:
| $ exim -bV
| Exim version 3.35 #1 built 04-Mar-2002 23:05:40
| Copyright (c) University of Cambridge 2001
Say, just today I noticed that exim4 is in sid now. It looks (based
on expanding the archives and seeing what files are in the package)
like the packagers did a nice job too. The config is now separated
into multiple files in a well-organized fashion based on the sections.
In addition they appear to have included the dynamic loading
local_scan patch available on the 'net. If I wasn't going to end up
with package conflicts from it I'd upgrade to it now :-). YMMV.
| > 2) I don't actually use it apart from testing way back when I
| > configured it, so I don't remember if it is actually there
| > or not. If you want to experiment with it, you're welcome
| > to. Just let me know beforehand because, IIRC, I have
| > STARTTLS only advertised to certain clients.
|
| "want to experiment with it" means... what? :)
Meaning use my machine to relay to yourself. You would inject a
message into exim on your machine. Your exim would route it through
my machine and use TLS and AUTH in the process. If that works, then
you have a functioning TLS set up.
| > Q: What is the difference betwee open-source and commercial software?
| s/wee/ween/
Oops! :-).
| > A: If you have a problem with commercial software you can call a phone
| > number and they will tell you it might be solved in a future version.
| > For open-source software there isn't a phone number to call, but you
| > get the solution within a day.
|
| well put!
Shamelessly copied from one of Bram Moolenaar's sigs.
-D
--
He who spares the rod hates his son,
but he who loves him is careful to discipline him.
Proverbs 13:24
http://dman.ddts.net/~dman/
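
The AUTH PLAIN test described in the message above, as an added Python example that is not part of the original thread: it builds and reverses the token, checks a captured EHLO reply for AUTH PLAIN advertised before STARTTLS has run, and classifies the server's answer using the SMTP AUTH reply codes (235 accepted, 334 continue, 4xx/5xx rejected). All function names are hypothetical, and the EHLO reply and hostname are constructed sample data.

```python
import base64

# Constructed sample: EHLO reply captured on a plaintext session (no STARTTLS yet).
SAMPLE_EHLO = """250-mail.example.org Hello foo [127.0.0.1]
250-SIZE
250-PIPELINING
250-AUTH PLAIN
250-STARTTLS
250 HELP"""

def auth_plain_token(user, password, authzid=""):
    """SASL PLAIN message: authzid NUL authcid NUL passwd, then base64."""
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_auth_plain(token):
    """Reverse the encoding. Base64 is not encryption: anyone who can read
    the session can recover the password this way, hence the TLS requirement."""
    raw = base64.b64decode(token, validate=True)
    authzid, user, password = raw.split(b"\0", 2)
    return authzid.decode(), user.decode(), password.decode()

def ehlo_extensions(reply):
    """Map extension keyword -> parameters from a multi-line 250 reply."""
    ext = {}
    for line in reply.splitlines()[1:]:      # first line is the greeting
        words = line[4:].split()
        if line[:3] == "250" and words:
            ext[words[0].upper()] = [w.upper() for w in words[1:]]
    return ext

def plain_offered_in_clear(reply_before_starttls):
    """True if the server advertises AUTH PLAIN on an unencrypted session."""
    return "PLAIN" in ehlo_extensions(reply_before_starttls).get("AUTH", [])

def classify_auth_reply(line):
    """Interpret the server's answer to the AUTH command."""
    code = int(line[:3])
    if code == 235:
        return "accepted"
    if code == 334:
        return "continue"                    # server wants more SASL data
    return "rejected" if 400 <= code < 600 else "unexpected"

if __name__ == "__main__":
    print(auth_plain_token("me", "pass"))
    print(decode_auth_plain("AG1lAHBhc3M="))
    print("AUTH PLAIN offered without TLS:", plain_offered_in_clear(SAMPLE_EHLO))
```

Once testing is done, running the same check against the pre-STARTTLS EHLO reply should come back False, with AUTH advertised only after the TLS handshake.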