On Tue, Jun 17, 2003 at 01:17:38AM -0500, Will Trillich wrote:
| On Sun, Jun 15, 2003 at 10:42:45PM -0700, Vineet Kumar wrote:
| > What problems have you faced trying to get exim-tls up and
| > running? I can share my config if you need it.
|
| well, when i have the tls options enabled, eudora and outhouse
| excess both claim the server doesn't speak ssl/tls -- and
| sniffit shows only "EHLO <hostname>" and "QUIT" from the client,
| even tho telnetting in to port 25 (smtp) shows "STARTTLS" as an
| option.

That's, obviously!, a client bug. :-)
I recall reading something about Outhouse not supporting STARTTLS and
the "solution" is to run a TLS-always daemon on a separate port. Then
tell outhouse to use that other port instead. Kinda like HTTP vs.
HTTPS where it's an all-or-nothing deal (even though STARTTLS is a
better approach).

| (certificate and public key seem okay; i'm even able to grok the
| syntax to have an authenticator pull password fields out of a
| "htpasswd"-created file...)

That sounds good.
May I suggest using exim or some other Debian tool to verify that exim
itself is working with TLS (and/or AUTH)?
(the AUTH PLAIN part is easy, using telnet)

| (not to mention what machinations i have to do to the windo~1
| client software to get it to grok tls correctly...)

This is where things get icky. But that's just M********. You're
well aware of that already, though. That's why I recommend using
well-known and well-documented (debian) tools to verify your exim
config before attempting to jump through hoops in Redmond.

BTW, I *think* I have exim working with TLS, but
1) I am using exim 4, not 3.x
2) I don't actually use it apart from testing way back when I
   configured it, so I don't remember if it is actually there
   or not. If you want to experiment with it, you're welcome
   to. Just let me know beforehand because, IIRC, I have
   STARTTLS only advertised to certain clients.

HTH,
-D
--
Q: What is the difference between open-source and commercial software?
A: If you have a problem with commercial software you can call a phone
number and they will tell you it might be solved in a future version.
For open-source software there isn't a phone number to call, but you
get the solution within a day.
http://dman.ddts.net/~dman/
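
Added example, not part of the original message: one way to do the server-side check suggested above without a mail client, by parsing the EHLO reply for STARTTLS and for AUTH PLAIN/LOGIN offered before TLS is negotiated. The sample reply and host names are constructed, and `parse_ehlo`, `assess` and `probe` are hypothetical helper names.

```python
import smtplib

# Constructed sample: an EHLO reply as seen in a telnet session to port 25.
SAMPLE_EHLO = (
    "250-mail.example.org Hello client.example.org [192.0.2.10]\r\n"
    "250-SIZE 52428800\r\n"
    "250-PIPELINING\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)

def parse_ehlo(reply):
    """Parse a multi-line 250 reply into {KEYWORD: [params]}."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty reply")
    ext = {}
    for i, ln in enumerate(lines):
        last = i == len(lines) - 1
        # "250-" marks a continuation line, "250 " the final line.
        if ln[:3] != "250" or ln[3:4] != (" " if last else "-"):
            raise ValueError("malformed EHLO reply line: %r" % ln)
        words = ln[4:].split()
        if i > 0 and words:  # line 0 is the greeting, not an extension
            ext[words[0].upper()] = [w.upper() for w in words[1:]]
    return ext

def assess(ext):
    """Return findings for an extension set seen on a cleartext session."""
    findings = []
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not advertised to this client")
    weak = sorted({"PLAIN", "LOGIN"} & set(ext.get("AUTH", [])))
    if weak:
        findings.append("AUTH %s offered on the cleartext session" % "/".join(weak))
    return findings

def probe(host, port=25, timeout=10):
    """Live check: extensions before and after STARTTLS (after is None if absent)."""
    def feats(s):
        return {k.upper(): v.upper().split() for k, v in s.esmtp_features.items()}
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        before = feats(s)
        if not s.has_extn("starttls"):
            return before, None
        s.starttls()  # pass context=... to enforce certificate validation
        s.ehlo()      # extensions must be re-read after the TLS handshake
        return before, feats(s)
```

Because a server can advertise STARTTLS only to certain clients, run `probe` from the same network the mail clients connect from.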