On Tue, Jun 17, 2003 at 11:53:42AM -0500, Will Trillich wrote:
| On Tue, Jun 17, 2003 at 11:42:34AM -0400, Derrick 'dman' Hudson wrote:
| > On Tue, Jun 17, 2003 at 01:17:38AM -0500, Will Trillich wrote:
| > | (certificate and public key seem okay; i'm even able to grok the
| > | syntax to have an authenticator pull password fields out of a
| > | "htpasswd"-created file...)
| >
| > That sounds good.
| >
| > May I suggest using exim or some other Debian tool to verify that exim
| > itself is working with TLS (and/or AUTH)?
| >
| > (the AUTH PLAIN part is easy, using telnet)
|
| i can probably find the exim testing options (didn't think to
| look, of course -- thanks!)

To test AUTH PLAIN :

First enable AUTH without TLS in exim.  (I don't remember what the
tricks are with exim 3.  If you see "250-AUTH PLAIN" in response to an
EHLO command then this is the case)

Second, properly encode the data to send to the server.  E.g. for a user
"me" with password "pass" :

    $ echo -ne '\0me\0pass' | base64-encode
    AG1lAHBhc3M=

Then with telnet try it :

    $ telnet localhost smtp
    ehlo foo
    auth plain AG1lAHBhc3M=

You should see a 2xx (or is it 3xx?) acceptance of the AUTH.  If you
see 4xx or 5xx something is wrong, check the logs.

| but "other debian tool" is a bit vague. what would i apt-cache
| search for?

Anything that does ESMTP with STARTTLS.  I imagine that Mozilla Mail,
KMail, Evolution, and others, do this.  I know that mutt does not.

| > BTW, I *think* I have exim working with TLS, but
| >     1)  I am using exim 4, not 3.x
|
| i'm using woody/stable:
|     $ exim -bV
|     Exim version 3.35 #1 built 04-Mar-2002 23:05:40
|     Copyright (c) University of Cambridge 2001

Say, just today I noticed that exim4 is in sid now.  It looks (based
on expanding the archives and seeing what files are in the package)
like the packagers did a nice job too.  The config is now separated
into multiple files in a well-organized fashion based on the sections.
In addition they appear to have included the dynamic loading
local_scan patch available on the 'net.  If I wasn't going to end up
with package conflicts from it I'd upgrade to it now :-).  YMMV.

| >     2)  I don't actually use it apart from testing way back when I
| >         configured it, so I don't remember if it is actually there
| >         or not.  If you want to experiment with it, you're welcome
| >         to.  Just let me know beforehand because, IIRC, I have
| >         STARTTLS only advertised to certain clients.
|
| "want to experiment with it" means... what? :)

Meaning use my machine to relay to yourself.  You would inject a
message into exim on your machine.  Your exim would route it through
my machine and use TLS and AUTH in the process.  If that works, then
you have a functioning TLS setup.

| > Q: What is the difference betwee open-source and commercial software?
| s/wee/ween/

Oops! :-).

| > A: If you have a problem with commercial software you can call a phone
| > number and they will tell you it might be solved in a future version.
| > For open-source software there isn't a phone number to call, but you
| > get the solution within a day.
|
| well put!

Shamelessly copied from one of Bram Moolenaar's sigs.

-D

--
He who spares the rod hates his son,
but he who loves him is careful to discipline him.
        Proverbs 13:24

http://dman.ddts.net/~dman/
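
The AUTH PLAIN test described in the message above, as an added example that is not part of the original post: it builds and decodes the base64 token and checks an EHLO reply for AUTH PLAIN being offered on a connection without TLS. The function names and the sample EHLO reply are constructed for illustration.

```python
# Added illustration; function names and sample data are this example's own.
import base64

def encode_plain(user, password, authzid=""):
    """Build the SASL PLAIN initial response: authzid NUL authcid NUL passwd."""
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_plain(token):
    """Reverse encode_plain(); base64 is an encoding, not encryption."""
    raw = base64.b64decode(token, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("PLAIN response must have exactly two NUL separators")
    return tuple(p.decode("utf-8") for p in parts)

def parse_ehlo(reply):
    """Map each extension keyword in a multi-line 250 reply to its parameters."""
    lines = reply.strip().splitlines()
    extensions = {}
    for line in lines[1:]:  # first line is the server greeting, not an extension
        code, sep, rest = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " ") or not rest:
            raise ValueError(f"unexpected EHLO line: {line!r}")
        keyword, *params = rest.split()
        extensions[keyword.upper()] = [p.upper() for p in params]
    return extensions

def audit_ehlo(reply, tls_active=False):
    """Report whether PLAIN is offered and whether it would cross the wire in clear."""
    ext = parse_ehlo(reply)
    plain = "PLAIN" in ext.get("AUTH", [])
    return {
        "auth_plain": plain,
        "starttls": "STARTTLS" in ext,
        "cleartext_credentials": plain and not tls_active,
    }

# Constructed sample: a pre-TLS EHLO reply like the test setup described above.
SAMPLE_EHLO = """\
250-mail.example.org Hello foo [127.0.0.1]
250-SIZE 52428800
250-AUTH PLAIN
250-STARTTLS
250 HELP
"""

if __name__ == "__main__":
    print(encode_plain("me", "pass"), decode_plain("AG1lAHBhc3M="))
    print(audit_ehlo(SAMPLE_EHLO))
```

Decoding the token recovers the user name and password directly, which is why AUTH PLAIN without TLS is suitable only for a local test like the one above.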