Re: [Exim] TLS Issues

Author: Łukasz Grochal
Date:
To: exim-users
Subject: Re: [Exim] TLS Issues
Ben Lutgens <blutgens@???> writes:

> I'm spawning a second exim with -d9 on port 465 to test and this is
> what I get when I try to send.


No, no... that's not TLS in the SMTP sense.

There are two approaches to connection encryption (and you've apparently
ended up trying to mix both of them):
1) to encrypt it from the very beginning, putting the whole session
into an encrypted tunnel. That's how POP over SSL and IMAP over SSL
work. This requires the encryption-capable daemon to listen on
a separate port.
2) the one Exim understands - to start a connection on a standard
port (25), check if the peer can speak TLS (by issuing EHLO) as
a client or advertise this ability (in the EHLO response) as a server
and then initiate encryption negotiation with the STARTTLS command.

As far as I remember, both Outlook Express and Mozilla/Netscape can do
the latter. It seems, however, that what your mail clients try to do
is to use the first one mentioned. If you really need to do this,
try using stunnel as a proxy/wrapper for exim sitting on a standard
port.

Regards,

--
(-) Łukasz Grochal                                  lukie@???
                                                  (for PGP key visit:)
_____________________________________________ http://www.rotfl.eu.org/ __
... all in all it's just another rule in the firewall.       /Ping Flood/
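
An added example, not part of the original message or of Exim: a small Python diagnostic that tells the two approaches apart from what is seen on the wire, by classifying the first bytes a client sends and checking whether a server's EHLO reply advertises STARTTLS. The function names, host names and sample bytes are constructed for illustration.

```python
# Added illustration; function names and sample data are constructed for this example.

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends on a freshly accepted connection."""
    # A TLS record starts with content type 0x16 (handshake) and version 0x03 0x00..0x04.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "implicit-tls"   # approach 1: TLS from the first byte
    words = data.split(None, 1)
    if words and words[0].upper() in (b"EHLO", b"HELO"):
        return "plain-smtp"     # approach 2: SMTP first, STARTTLS later
    return "unknown"

def ehlo_extensions(reply: str) -> set:
    """Extract extension keywords from a multi-line 250 reply to EHLO."""
    exts = set()
    for line in reply.splitlines()[1:]:   # line 1 is the greeting, not an extension
        if line[:3] == "250" and line[3:4] in ("-", " "):
            fields = line[4:].split()
            if fields:
                exts.add(fields[0].upper())
    return exts

def diagnose(first_client_bytes: bytes, ehlo_reply: str) -> str:
    """Compare what the client does with what a STARTTLS-style server expects."""
    mode = classify_first_bytes(first_client_bytes)
    if mode == "implicit-tls":
        return "mismatch"            # client tunnels, server waits for EHLO
    if mode == "plain-smtp":
        if "STARTTLS" in ehlo_extensions(ehlo_reply):
            return "starttls-available"
        return "plaintext-only"
    return "unknown"

# Constructed samples: start of a TLS ClientHello record, and a server EHLO reply.
CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0xC8, 0x01, 0x00, 0x00, 0xC4])
EHLO_REPLY = ("250-mail.example.test Hello client.example.test\r\n"
              "250-SIZE 52428800\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 HELP\r\n")

if __name__ == "__main__":
    print(diagnose(CLIENT_HELLO, EHLO_REPLY))
    print(diagnose(b"EHLO client.example.test\r\n", EHLO_REPLY))
```

A "mismatch" result corresponds to the situation in this thread: the client opens with a TLS handshake while the daemon on that port is waiting for a plain-text EHLO.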