Re: exim failure

To: debian-user@lists.debian.org
Subject: Re: exim failure
From: David Wright <deblis@lionunicorn.co.uk>
Date: Sat, 25 Mar 2023 23:34:54 -0500
Message-id: <ZB/Lbgn/3OE2loaZ@axis.corp>
Reply-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 5319ac62b1294b2290d3d14a6cd8b7ff@easthope.ca>
References: <[🔎] ZB52J1AguGBUmLog@axis.corp> <[🔎] 5319ac62b1294b2290d3d14a6cd8b7ff@easthope.ca>

On Sat 25 Mar 2023 at 19:47:35 (-0700), peter@easthope.ca wrote:
> > That looks fine, and shows that you're going to send through their
> > port 465, which will require TLS and authentication. So first you need
> > to encode your username and password with:
> > 
> >  $ echo -e -n '\0username\0password' | base64
> > ...
> 
> I logged in at https://islandhosting.com/login , dug down a few layers
> and lucked onto this.
> 
> "Mail Client Manual Settings
>   ...
> Secure SSL/TLS Settings (Recommended)
> Username: 	peter@easthope.ca
> Password: 	Use the email account¶s password.
> Incoming Server: 	mail.easthope.ca
> 
>     IMAP Port: 993 POP3 Port: 995
> 
> Outgoing Server: 	mail.easthope.ca
> 
>     SMTP Port: 465
> 
> IMAP, POP3, and SMTP require authentication."

Yes, I got similar but unpersonalised information at:
https://islandhosting.com/knowledgebase/21/How-do-I-configure-my-email-client.html

> No mention of STARTTLS or TLS on connect.

No, just the bit above here: "Secure SSL/TLS Settings (Recommended)"

> Tried this
> interactive run.
> 
> $ openssl s_client -starttls smtp -crlf -connect mail.easthope.ca:465

In the first instance, just try sending a test message using the
commands I gave, except starting off with:

  $ openssl s_client -crlf -connect mail.easthope.ca:465

After the certificate stuff, you should then see lines like:

  ---
  No client certificate CA names sent
  Peer signing digest: SHA256
  Peer signature type: RSA
  Server Temp Key: ECDH, P-256, 256 bits
  ---
  SSL handshake has read 5093 bytes and written 409 bytes
  Verification: OK
  ---
  New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
  Server public key is 2048 bit
  Secure Renegotiation IS supported
  Compression: NONE
  Expansion: NONE
  No ALPN negotiated
  SSL-Session:
      Protocol  : TLSv1.2
      Cipher    : ECDHE-RSA-AES256-GCM-SHA384
      Session-ID: EFD2B3AEAA0931063329DA3A26017182365DAA6C5EDC7298FBBB291B8A02752E
      Session-ID-ctx:
      Master-Key:
  +89062342EF919B2EA24ABCBB5C66D643553A888C430BC18E5B764431F31BAC4B949E72DE0910ACB367ADC6B0F9337133
      PSK identity: None
      PSK identity hint: None
      SRP username: None
      Start Time: 1679801072
      Timeout   : 7200 (sec)
      Verify return code: 0 (ok)
      Extended master secret: no
  ---
  220 hornby.islandhosting.com ESMTP server ready at Sat, 25 Mar 2023 21:33:16 -0700
→ EHLO dalton.invalid
  250-hornby.islandhosting.com Hello ip12-345-678-90.ks.ks.cox.net [12.345.678.90]
  250-SIZE 52428800
  250-8BITMIME
  250-PIPELINING
  250-PIPECONNECT
  250-AUTH PLAIN LOGIN
  250-SMTPUTF8
  250 HELP

And you carry on from there with:

  AUTH PLAIN encodedstring

and so on.

Cheers,
David.

Reply to:

References:
- Re: exim failure
  - From: David Wright <deblis@lionunicorn.co.uk>
- Re: exim failure
  - From: peter@easthope.ca

Prev by Date: Re: exim failure
Next by Date: What's the correct procedure for replacing a DKMS module when it's upstreamed?
Previous by thread: Re: exim failure
Next by thread: Re: exim failure
Index(es):
- Date
- Thread