Re: [Exim] TLS support

Author: Jeff Green
Date:  
To: Alain Remont
CC: exim-users
Subject: Re: [Exim] TLS support
At 12:36 AM 7/5/02 , Alain Remont wrote:

...
>I telnet to port 25 and this is what I get.
>
><START>
>220 phenomix.com.au ESMTP Exim 3.35 #1 Fri, 05 Jul 2002 17:29:42 +1000
>EHLO ALAIN
>500 Unrecognized command
>EHLO ALAIN
>250-phenomix.com.au Hello support1 [150.203.7.51]
>250-SIZE
>250-PIPELINING
>250-STARTTLS
>250 HELP
>STARTTLS
>500 Unsupported command.
>AUTH STARTTLS
>504 STARTTLS mechanism not supported
><END>
>
>I use MS Outlook Express as the client and have SSL turned on for both the
>outgoing SMTP and incoming IMAP. I cannot connect to the server with the
>client. Any ideas?...


My first thought is that STARTTLS is not an authentication mechanism.
Authentication should be performed after the TLS session is started with
either (probably) plaintext or some other type of mechanism (MD5, etc.)
that your client supports. Off the top of my head I believe OE supports
only plaintext.

Here's the output from my Debian/Exim-TLS server:

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220-ferris.jbgreen.com ESMTP Exim 3.33 #1 Fri, 05 Jul 2002 09:46:25 -0700
220 Unsolicited commercial messages are not permitted
ehlo localhost
250-ferris.jbgreen.com Hello root at localhost [127.0.0.1]
250-SIZE
250-ETRN
250-PIPELINING
250-STARTTLS
250 HELP
>STARTTLS

220 OpenSSL/0.9.6beta go ahead

At this point OpenSSL does respond, so I wonder if you have that package
installed. I would think that it's a dependent package for exim-ssl, so I
next wonder what you have for the TLS configuration options. This is mine:

# tls configuration, offer TLS to all

tls_advertise_hosts = *
tls_certificate = /etc/exim/cert.rsa
tls_privatekey = /etc/exim/private.rsa
tls_log_cipher = true

I've never tried to directly communicate with OpenSSL over telnet, but it's
likely waiting for something I can't type in by hand, so I'd go no further
in a telnet session. This is the log entry (/var/log/exim/mainlog) for the
above:

>2002-07-05 09:45:54 TLS error on connection from localhost [127.0.0.1] (SSL_accept): error:00000000:lib(0):func(0):reason(0)
>2002-07-05 09:46:42 TLS error on connection from localhost [127.0.0.1] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Until OpenSSL responds to STARTTLS in the SMTP session, something in the
package list or configuration of either package is incorrect. You might
want to tail both the mainlog and error.log while testing the process, and
turn on debugging as well.

I've not worked with client TLS sessions yet, only server to server, but
please let me know what you find; it will likely come in handy soon.

Regards,


Jeffrey B. Green        Personal Computer Consultant - Las Vegas, Nevada
http://jbgreen.com        Networking Las Vegas Since 1986
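
As an added example that is not part of the original thread (and not Exim's or OpenSSL's own code): the check Jeff stops short of in telnet, carried through in Python. After EHLO it looks for STARTTLS among the advertised extensions, sends STARTTLS, and on a 220 reply completes the TLS handshake with the `ssl` module, then repeats EHLO inside the tunnel and reports the negotiated protocol and cipher. The reply parsing and the verdict logic are separate pure functions so they can be exercised offline; the replies in the block are constructed, modelled on the two sessions quoted above, and the host name `probe.example` in the EHLO is an assumption.

```python
"""Check whether an SMTP server's STARTTLS offer actually completes a handshake.

Added example for this thread; not Exim's code or the poster's. The verdict
logic runs on constructed replies without a network; probe_starttls() does
the live exchange, including the TLS step that cannot be typed into telnet.
"""
import socket
import ssl
import sys


def read_reply(lines):
    """Collect one SMTP reply from an iterator of text lines.

    Continuation lines look like 'NNN-text', the final line 'NNN text'.
    Returns (code, [text of each line]).
    """
    texts = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("malformed SMTP reply line: %r" % line)
        code = int(line[:3])
        texts.append(line[4:])
        if len(line) == 3 or line[3] == " ":
            return code, texts
    raise ValueError("connection closed in the middle of a reply")


def advertised_extensions(ehlo_texts):
    """EHLO keywords, skipping the first line (the server's own greeting)."""
    return {t.split()[0].upper() for t in ehlo_texts[1:] if t.strip()}


def diagnose(ehlo_reply, starttls_reply):
    """Classify what the two replies say about the server's TLS setup.

    starttls_reply may be None when STARTTLS was never sent because it was
    not advertised (tls_advertise_hosts does not cover this client).
    """
    ehlo_code, ehlo_texts = ehlo_reply
    if ehlo_code != 250:
        return "ehlo-rejected"
    if "STARTTLS" not in advertised_extensions(ehlo_texts):
        return "not-advertised"
    code, _ = starttls_reply
    if code == 220:
        return "ready"  # server handed the socket to OpenSSL; handshake must follow
    if code in (500, 502):
        # advertised but refused: the symptom in the original post, which the
        # thread attributes to the package set or TLS configuration, not the client
        return "advertised-but-unsupported"
    return "refused-%d" % code


def _lines(sock):
    """Yield CRLF-terminated lines from a plain or TLS socket, one at a time."""
    buf = b""
    while True:
        while b"\n" not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                return
            buf += chunk
        line, buf = buf.split(b"\n", 1)
        yield line.decode("ascii", "replace")


def probe_starttls(host, port=25, timeout=10, verify=False):
    """Connect, EHLO, STARTTLS, then complete the handshake the way a client would.

    verify=False suits a diagnostic run against a self-signed certificate such
    as the tls_certificate in the thread; set it True to check a real chain.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        lines = _lines(sock)
        if read_reply(lines)[0] != 220:
            raise RuntimeError("no 220 greeting from %s" % host)
        sock.sendall(b"EHLO probe.example\r\n")  # assumed client name
        ehlo = read_reply(lines)
        starttls = None
        if "STARTTLS" in advertised_extensions(ehlo[1]):
            sock.sendall(b"STARTTLS\r\n")
            starttls = read_reply(lines)
        verdict = diagnose(ehlo, starttls)
        if verdict != "ready":
            sock.sendall(b"QUIT\r\n")
            return {"verdict": verdict, "ehlo": ehlo, "starttls": starttls}
        ctx = ssl.create_default_context()
        if not verify:
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(b"EHLO probe.example\r\n")  # EHLO is repeated inside TLS
            ehlo_tls = read_reply(_lines(tls))
            tls.sendall(b"QUIT\r\n")
            return {"verdict": "ready", "protocol": tls.version(),
                    "cipher": tls.cipher()[0], "ehlo_tls": ehlo_tls}


# Constructed replies modelled on the two sessions quoted in the thread (not captures).
ADVERTISING_EHLO = ["250-mail.example Hello client [192.0.2.1]\r\n", "250-SIZE\r\n",
                    "250-PIPELINING\r\n", "250-STARTTLS\r\n", "250 HELP\r\n"]
NO_TLS_EHLO = ["250-mail.example Hello client [192.0.2.1]\r\n", "250-SIZE\r\n", "250 HELP\r\n"]
BROKEN_STARTTLS = ["500 Unsupported command.\r\n"]
WORKING_STARTTLS = ["220 OpenSSL/0.9.6beta go ahead\r\n"]


def demo():
    """Run the verdict logic over the constructed replies; no network needed."""
    ehlo = read_reply(iter(ADVERTISING_EHLO))
    return {
        "advertised-but-500": diagnose(ehlo, read_reply(iter(BROKEN_STARTTLS))),
        "working": diagnose(ehlo, read_reply(iter(WORKING_STARTTLS))),
        "not-advertised": diagnose(read_reply(iter(NO_TLS_EHLO)), None),
    }


if __name__ == "__main__":
    print(probe_starttls(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Run it with a host name to probe a server you administer; with no argument it prints the verdicts for the constructed replies. A "ready" verdict together with a protocol and cipher means OpenSSL did take over the socket, which is the point at which Jeff's telnet session had to stop; "advertised-but-unsupported" is the pattern from the original post, and "not-advertised" points at tls_advertise_hosts. Pair a live run with a tail of mainlog as the reply suggests, since the SSL_accept errors there show the server's side of a handshake that never started.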