[Exim] Exim 4.02 TLS support

Author: James P. Roberts
Date:  
To: exim-users
Subject: [Exim] Exim 4.02 TLS support
Dear Group:

I have recently downloaded Exim 4.02 to my Redhat 7.1 server. I followed all
the directions, etc. I compiled it with TLS support, and saw no errors during
the compile. It appears to work fine, until I ask my Outlook Express 6.0 client
to use TLS... See Outlook Express log:

SMTP: 14:19:27 [rx] 220 puns01.punsterproductions.com ESMTP Exim 4.02 Tue, 02 Apr 2002 14:19:27 -0500
SMTP: 14:19:27 [tx] EHLO puns04
SMTP: 14:19:27 [rx] 250-puns01.punsterproductions.com Hello puns04 [192.168.254.4]
SMTP: 14:19:27 [rx] 250-SIZE 52428800
SMTP: 14:19:27 [rx] 250-PIPELINING
SMTP: 14:19:27 [rx] 250-AUTH CRAM-MD5 PLAIN LOGIN
SMTP: 14:19:27 [rx] 250-STARTTLS
SMTP: 14:19:27 [rx] 250 HELP
SMTP: 14:19:27 [tx] STARTTLS
SMTP: 14:19:27 [rx] 500 Unsupported command.

OK, and now for the interesting part... I launched the Exim daemon with -d
(debug) option, and for the same session, got the following log:

Connection request from 192.168.254.4 port 2247
1 SMTP accept process running
Listening...
host in rfc1413_hosts? yes (matched "*")
doing ident callback
ident connection to 192.168.254.4 failed: Connection refused
sender_fullhost = [192.168.254.4]
sender_rcvhost = [192.168.254.4]
Process 19022 is handling incoming connection from [192.168.254.4]
checking for IP options
no IP options found
host in host_lookup? no (option unset)
set_process_info: 19022 handling incoming connection from [192.168.254.4]
host in host_reject_connection? no (option unset)
host in sender_unqualified_hosts? no (option unset)
host in recipient_unqualified_hosts? no (option unset)
host in helo_verify_hosts? no (option unset)
host in helo_try_verify_hosts? no (option unset)
host in helo_accept_junk_hosts? no (option unset)
LOG: smtp_connection MAIN
SMTP connection from [192.168.254.4] (TCP/IP connection count = 1)
SMTP>> 220 puns01.punsterproductions.com ESMTP Exim 4.02 Tue, 02 Apr 2002 14:19:27 -0500
Process 19022 is ready for new message
smtp_setup_msg entered
SMTP<< EHLO puns04
puns04 in helo_lookup_domains? no (end of list)
sender_fullhost = (puns04) [192.168.254.4]
sender_rcvhost = [192.168.254.4] (helo=puns04)
set_process_info: 19022 handling incoming connection from (puns04) [192.168.254.4]
localhost 127.0.0.1 mx=-1
host in "localhost"? no (end of list)
host in auth_advertise_hosts? yes (end of list)
host in tls_advertise_hosts? yes (matched "*")
SMTP>> 250-puns01.punsterproductions.com Hello puns04 [192.168.254.4]
250-SIZE 52428800
250-PIPELINING
250-AUTH CRAM-MD5 PLAIN LOGIN
250-STARTTLS
250 HELP
SMTP<< QUIT
SMTP>> 221 puns01.punsterproductions.com closing connection

LOG: smtp_connection MAIN
SMTP connection from (puns04) [192.168.254.4] closed by QUIT
search_tidyup called
child 19022 ended: status=0x0
0 SMTP accept processes now running
Listening...

I draw attention to the fact that Outlook Express thinks it sent a "STARTTLS"
command, but Exim does not think it got one. OE thinks it receives a "500
Unsupported command" but Exim does not report sending it.

Anybody have any ideas? Even a hint for a direction to start looking for a
solution?

I tried telnet to port 25 of the server (puns01.punsterproductions.com), from a
DOS window, and got the same response to EHLO, and the same "500 Unsupported
command" in response to typing in STARTTLS. Exim still did not report sending
this 500 message. Oddly, I distinctly remember getting a proper response from
the server, in such a telnet session, in the wee hours this morning (or last
night, depending on one's definitions). Of course, I was unable to manually
negotiate a TLS session, and the attempt timed out. I have killed and
re-launched the server a few times since then, so it seems unlikely to be a
"stale" TLS connection. The only change to the config file, since last night,
was to add "tls_advertise_hosts = *". (Without this, OE quits without sending
STARTTLS.)

And yes, I compiled with TLS support, and I have my self-signed certificate, key
and Diffie-Hellman parameter files set up, readable by the Exim user, and specified
in my /etc/exim.conf file. I get no errors when launching, nor when simply
testing the config with "exim -bV".

I am confused as all get-out as to why the client and server logs do not match.

Help!

Jim Roberts
punster@???
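The core observation in the post is that the two sides of one SMTP session disagree about what was sent: the client log records a STARTTLS, the server's -d output records a QUIT, and nobody records the "500 Unsupported command". The script below is an added example, not code from the post or from the Exim project. It does two things a practitioner would want here: it parses both transcript formats quoted above and reports the commands each side saw that the other did not, and it reproduces the manual "telnet to port 25" test in a way that also attempts the TLS handshake after a 220 reply. The reply-code meanings follow RFC 3207 (220 ready, 454 temporarily unavailable, 501 syntax error); 500/502 is the generic "command not recognised" reply. The EHLO name `probe.example` and the `verify` switch are assumptions of this example; the two embedded transcripts are trimmed copies of the logs in the post.

```python
"""SMTP STARTTLS diagnostics: transcript comparison plus a live probe.

Added example, not part of the original mailing-list post or of Exim.
"""
import re
import socket
import ssl
from typing import Dict, List, Set, Tuple

# Trimmed copies of the two transcripts quoted in the post above.
OE_CLIENT_LOG = """\
SMTP: 14:19:27 [rx] 220 puns01.punsterproductions.com ESMTP Exim 4.02
SMTP: 14:19:27 [tx] EHLO puns04
SMTP: 14:19:27 [rx] 250-puns01.punsterproductions.com Hello puns04 [192.168.254.4]
SMTP: 14:19:27 [rx] 250-SIZE 52428800
SMTP: 14:19:27 [rx] 250-PIPELINING
SMTP: 14:19:27 [rx] 250-AUTH CRAM-MD5 PLAIN LOGIN
SMTP: 14:19:27 [rx] 250-STARTTLS
SMTP: 14:19:27 [rx] 250 HELP
SMTP: 14:19:27 [tx] STARTTLS
SMTP: 14:19:27 [rx] 500 Unsupported command.
"""

EXIM_DEBUG_LOG = """\
SMTP>> 220 puns01.punsterproductions.com ESMTP Exim 4.02
SMTP<< EHLO puns04
SMTP>> 250-puns01.punsterproductions.com Hello puns04 [192.168.254.4]
250-SIZE 52428800
250-PIPELINING
250-AUTH CRAM-MD5 PLAIN LOGIN
250-STARTTLS
250 HELP
SMTP<< QUIT
SMTP>> 221 puns01.punsterproductions.com closing connection
"""


def client_commands(oe_log: str) -> List[str]:
    """Commands Outlook Express believes it transmitted ([tx] lines)."""
    return [m.group(1).upper() for m in re.finditer(r"\[tx\] (\S+)", oe_log)]


def server_commands(exim_log: str) -> List[str]:
    """Commands Exim's debug output says it received (SMTP<< lines)."""
    return [m.group(1).upper() for m in re.finditer(r"^SMTP<< (\S+)", exim_log, re.M)]


def command_mismatch(oe_log: str, exim_log: str) -> Tuple[List[str], List[str]]:
    """Return (sent by client but never received, received but never sent).
    A non-empty result means the client was not talking to the process that
    wrote the server log, or something between them rewrote the session."""
    sent, got = client_commands(oe_log), server_commands(exim_log)
    return [c for c in sent if c not in got], [c for c in got if c not in sent]


def exim_ehlo_lines(exim_log: str) -> List[str]:
    """Pull the 250 reply block out of the -d output, dropping the SMTP>> prefix."""
    stripped = [re.sub(r"^SMTP>> ", "", line) for line in exim_log.splitlines()]
    return [line for line in stripped if line.startswith("250")]


def parse_ehlo_reply(lines: List[str]) -> Tuple[int, Set[str]]:
    """Parse a multi-line EHLO reply ('250-' continuation, '250 ' final line)
    into (code, advertised extension keywords). The first line is the greeting."""
    code = int(lines[0][:3])
    keywords = {line[4:].split()[0].upper() for line in lines[1:] if line[4:].strip()}
    return code, keywords


def classify_starttls_reply(code: int) -> str:
    """Map the reply to STARTTLS onto RFC 3207 outcomes."""
    if code == 220:
        return "ready"          # proceed with the TLS handshake
    if code == 454:
        return "temporary"      # TLS not available right now
    if code == 501:
        return "syntax"
    if code in (500, 502):
        return "unrecognized"   # whatever answered does not implement STARTTLS
    return "other"


def probe_starttls(host: str, port: int = 25, timeout: float = 10.0,
                   verify: bool = True) -> Dict[str, object]:
    """Reproduce the manual telnet test: EHLO, STARTTLS, then a TLS handshake on 220.
    verify=False skips certificate checks so a self-signed server cert (as in the
    post) still lets the handshake itself be tested."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        reader = sock.makefile("rb")

        def reply() -> List[str]:
            lines = []
            while True:
                line = reader.readline().decode("ascii", "replace").rstrip("\r\n")
                lines.append(line)
                if len(line) < 4 or line[3] != "-":   # '250 ' ends the reply
                    return lines

        def send(cmd: str) -> List[str]:
            sock.sendall((cmd + "\r\n").encode("ascii"))
            return reply()

        reply()                                      # banner
        _, ext = parse_ehlo_reply(send("EHLO probe.example"))  # hypothetical name
        result: Dict[str, object] = {"advertised_starttls": "STARTTLS" in ext,
                                     "starttls_reply": None, "tls_version": None}
        if "STARTTLS" in ext:
            code = int(send("STARTTLS")[0][:3])
            result["starttls_reply"] = classify_starttls_reply(code)
            if code == 220:
                ctx = ssl.create_default_context()
                if not verify:
                    ctx.check_hostname = False
                    ctx.verify_mode = ssl.CERT_NONE
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    result["tls_version"] = tls.version()
        return result


if __name__ == "__main__":
    print("client sent / server saw:", command_mismatch(OE_CLIENT_LOG, EXIM_DEBUG_LOG))
    print("advertised:", parse_ehlo_reply(exim_ehlo_lines(EXIM_DEBUG_LOG)))
```

Run against the transcripts from the post, `command_mismatch` returns `(['STARTTLS'], ['QUIT'])`: the one command the client says it sent is missing from the server side, and the one the server says it got never appears on the client side. That is the divergence to chase before touching the TLS configuration, since Exim's own log shows it advertising STARTTLS and then simply being told QUIT. `probe_starttls` is the telnet test done from a script; it is not exercised here because it needs a live server.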