Re: configuring exim4 smtp to use SSL
Quoting Gary Dale (garydale@torfree.net):
> On 16/03/15 12:37 PM, Brian wrote:
> >On Mon 16 Mar 2015 at 10:46:25 -0500, David Wright wrote:
> >
> >>Quoting James (bjlockie@lockie.ca):
> >>
> >>>You can't telnet to an ssl port.
> >>>Use:
> >>>openssl s_client -connect [IP]:smtps
> >>I'm sorry if I muddied the waters by suggesting using telnet.
> >>I find it a useful tool to quickly test whether I can reach a port,
> >>whether anything is listening, and whether the response is the same as
> >>I got last time/when things were working, even if that response is
> >>to connect for a few seconds and then disconnect (like 80 does).
> >>And I can get the results from ten differnet ports in one screenful
> >>of text.
> >A slight mistake; but now the OP is back on the right track all he
> >should have to do is issue the helo, mail from:, rcpt to: and data
> >commands to test whether sending mail is possible. If it is he can
> >then take a closer look at his exim setup.
> OK, following the doc at http://www.debianhelp.co.uk/mail.htm, I
> could enter:
> HELO <my domain>
I always use EHLO but have no idea if it makes a difference.
> MAIL FROM <account>@<mydomain>
>
> but things get interesting when I enter the rcpt to:
>
> RCPT TO: gary@extremeground.com
Shouldn't that be in <> according to rfc2821?
> RENEGOTIATING
> depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST
> Network, CN = USERTrust RSA Certification Authority
> verify error:num=20:unable to get local issuer certificate
> verify return:0
>
> After that, I can't enter DATA. It says 503 valid RCPT command must
> precede DATA
Yes, until you see a 250 from RCPT TO: it hasn't been accepted.
> I've tried a few different RCPT TO: addresses but I get the same
> result. Also tried using the ISP's mail server's domain in the HELO
> with the same results.
>
> I tried creating a local certificate and updating the
> exim4.conf.template with MAIN_TLS_ENABLE = yes but that didn't help
> either.
I don't think those verify items above are necessarily a problem in themselves.
Your sequence of commands (with the changes I suggested) worked for me.
Cheers,
David.
Reply to: