
Re: exim-tls just says "no, stupid!"



* Derrick 'dman' Hudson (dman@dman13.dyndns.org) [030617 09:43]:
> On Tue, Jun 17, 2003 at 01:17:38AM -0500, Will Trillich wrote:
> | On Sun, Jun 15, 2003 at 10:42:45PM -0700, Vineet Kumar wrote:
> 
> | > What problems have you faced trying to get exim-tls up and
> | > running?  I can share my config if you need it.
> | 
> | well, when i have the tls options enabled, eudora and outhouse
> | excess both claim the server doesn't speak ssl/tls -- and
> | sniffit shows only "EHLO <hostname>" and "QUIT" from the client,
> | even tho telnetting in to port 25 (smtp) shows "STARTTLS" as an
> | option.
> 
> That's, obviously!, a client bug.  :-)
> 
> I recall reading something about Outhouse not supporting STARTTLS and
> the "solution" is to run a TLS-always daemon on a separate port.  Then
> tell outhouse to use that other port instead.  Kinda like HTTP vs.
> HTTPS where it's an all-or-nothing deal (even though STARTTLS is a
> better approach).

What I recall is that it does crazy things behind your back.  Basically,
if you tell it to do TLS, then if you specify port 25, it tries
STARTTLS.  If you use any other port (i.e. 465) it does SMTP/SSL.

As per dman's suggestions, avoiding this craziness while testing is a
good idea.  Probably testing with Mozilla Mail is a good bet.

I'm attaching an excerpt from my exim.conf (3.x).

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
						--Nick Moffitt
A: No.
Q: Should I include quotations after my reply?
######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################

received_header_text = "Received: \
         ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
         {${if def:sender_ident {from ${sender_ident} }}\
         ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
         by ${primary_hostname} \
         ${if def:received_protocol {with ${received_protocol}}} \
         ${if def:tls_cipher {\n\t(Cipher ${tls_cipher}) }}\
         ${if def:tls_peerdn {(PeerDN ${tls_peerdn}) }}\
         (Exim ${version_number} #${compile_number} (Debian))\n\t\
         id ${message_id}\
         ${if def:received_for {\n\tfor <$received_for>}}"

# When Exim is built with support for TLS encrypted connections, the
# availability of the STARTTLS command to set up an encrypted session is
# advertised only to those client hosts that match this option. See chapter
# 38 for details of Exim's support for TLS.

tls_advertise_hosts = *

# The value of this option is expanded, and must then be the absolute path to
# a file which contains the server's certificate.

#tls_certificate = /etc/ssl/certs/exim.pem
tls_certificate = /etc/exim/exim.pem

# The value of this option is expanded, and must then be the absolute path to
# a file which contains the server's private key.

#tls_privatekey = /etc/ssl/private/exim.pem
tls_privatekey = /etc/exim/exim.pem

# Parameter file for Diffie-Hellman parameters - see dhparam(1ssl)

tls_dhparam = /etc/exim/exim.pem

# Require use of TLS for use of SMTP AUTH for which hosts?

auth_over_tls_hosts = *

# When this option is set, the cipher which was used to transmit a message is
# logged using the tag `X='. This applies to both incoming and outgoing
# messages.

tls_log_cipher = true

# When this option is set, the Distinguished Name of the server's certificate
# is logged, using the tag `DN=', for all outgoing messages delivered over
# TLS. For incoming messages, the DN from the client's certificate is logged
# if a certificate was requested from the client (see tls_verify_certificates).

tls_log_peerdn = true
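
A server-side check for what the thread describes, added here as an example (not Vineet's config, not Exim's code): it parses an EHLO reply for STARTTLS, mirrors the port-25-versus-any-other-port behaviour attributed to Outlook, and, when pointed at a host, negotiates TLS in whichever mode such a client would pick, so you can see whether the server or the client is the one refusing. The sample EHLO reply and the hostnames in it are constructed; the host you pass to probe() is an assumption.

```python
import smtplib
import ssl

# Constructed sample EHLO reply (not captured from a real server), laid out
# as Exim sends it: the first 250 line is the greeting, the rest are extensions.
SAMPLE_EHLO_REPLY = (
    b"250-mail.example.com Hello client.example.net [192.0.2.10]\r\n"
    b"250-SIZE 52428800\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 HELP\r\n"
)

def parse_ehlo_extensions(ehlo_reply: bytes) -> set:
    """Return the extension keywords from a raw multi-line EHLO reply."""
    extensions = set()
    for line in ehlo_reply.decode("ascii", errors="replace").splitlines()[1:]:
        fields = line[4:].split()
        if line[:3] == "250" and line[3:4] in ("-", " ") and fields:
            extensions.add(fields[0].upper())
    return extensions

def advertises_starttls(ehlo_reply: bytes) -> bool:
    return "STARTTLS" in parse_ehlo_extensions(ehlo_reply)

def client_mode(port: int) -> str:
    """The behaviour the thread attributes to Outlook: STARTTLS on 25, SMTP/SSL elsewhere."""
    return "starttls" if port == 25 else "smtps"

def probe(host: str, port: int, timeout: float = 10.0) -> dict:
    """Negotiate TLS the way such a client would on this port and report what happened."""
    mode = client_mode(port)
    result = {"host": host, "port": port, "mode": mode, "tls": False}
    # The default context verifies the certificate, so a self-signed exim.pem
    # surfaces as an SSLError in result["error"] rather than a silent success.
    context = ssl.create_default_context()
    try:
        if mode == "starttls":
            with smtplib.SMTP(host, port, timeout=timeout) as smtp:
                smtp.ehlo()
                result["starttls_offered"] = smtp.has_extn("starttls")
                if result["starttls_offered"]:
                    smtp.starttls(context=context)
                    result["tls"], result["cipher"] = True, smtp.sock.cipher()[0]
        else:  # implicit TLS from the first byte, no EHLO before the handshake
            with smtplib.SMTP_SSL(host, port, timeout=timeout, context=context) as smtp:
                smtp.ehlo()
                result["tls"], result["cipher"] = True, smtp.sock.cipher()[0]
    except (ssl.SSLError, smtplib.SMTPException, OSError) as exc:
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result
```

Run probe("your.mail.host", 25) and probe("your.mail.host", 465) against the server in question: the first tells you whether STARTTLS is advertised and completes, the second whether anything answers on the all-TLS port at all.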
