[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: configuring exim4 smtp to use SSL

Quoting Gary Dale (garydale@torfree.net):
> On 16/03/15 12:37 PM, Brian wrote:
> >On Mon 16 Mar 2015 at 10:46:25 -0500, David Wright wrote:
> >
> >>Quoting James (bjlockie@lockie.ca):
> >>
> >>>You can't telnet to an ssl port.
> >>>Use:
> >>>openssl s_client -connect [IP]:smtps
> >>I'm sorry if I muddied the waters by suggesting using telnet.
> >>I find it a useful tool to quickly test whether I can reach a port,
> >>whether anything is listening, and whether the response is the same as
> >>I got last time/when things were working, even if that response is
> >>to connect for a few seconds and then disconnect (like 80 does).
> >>And I can get the results from ten differnet ports in one screenful
> >>of text.
> >A slight mistake; but now the OP is back on the right track all he
> >should have to do is issue the helo, mail from:, rcpt to: and data
> >commands to test whether sending mail is possible. If it is he can
> >then take a closer look at his exim setup.
> OK, following the doc at http://www.debianhelp.co.uk/mail.htm, I
> could enter:
> HELO <my domain>

I always use EHLO but have no idea if it makes a difference.

> MAIL FROM <account>@<mydomain>
> 
> but things get interesting when I enter the rcpt to:
> 
> RCPT TO: gary@extremeground.com

Shouldn't that be in <> according to rfc2821?

> RENEGOTIATING
> depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST
> Network, CN = USERTrust RSA Certification Authority
> verify error:num=20:unable to get local issuer certificate
> verify return:0
> 
> After that, I can't enter DATA. It says 503 valid RCPT command must
> precede DATA

Yes, until you see a 250 from RCPT TO: it hasn't been accepted.

> I've tried a few different RCPT TO: addresses but I get the same
> result. Also tried using the ISP's mail server's domain in the HELO
> with the same results.
> 
> I tried creating a local certificate and updating the
> exim4.conf.template with MAIN_TLS_ENABLE = yes but that didn't help
> either.

I don't think those verify items above are necessarily a problem in themselves.
Your sequence of commands (with the changes I suggested) worked for me.

Cheers,
David.
Reply to: