Re: [Exim] TLS Issue

Author: John P Connor
Date:  
To: Philip Hazel
CC: exim-users
Subject: Re: [Exim] TLS Issue
Philip Hazel wrote:
> I presume you mean MAIL FROM and not just FROM.


Correct. Typo on my part when transcribing the log. Also, it is Exchange
2000 at the other end, not 5.5.

<snip>

> If this is a TLS issue, my suspicion is that the client is not
> issuing a new EHLO after setting up the TLS session, as it is
> supposed to do. RFC 2487 says "The client SHOULD send an EHLO command
> as the first command after a successful TLS negotiation." OK, it's
> only a SHOULD, but...
>


Yes, I think you're correct. Looking more closely at the Exchange log, we
see:

EHLO erniepdc.ernie.mshome
250 oldfield Hello exc [10.10.10.1]
STARTTLS
220 TLS go ahead
MAIL FROM:<Administrator@???> SIZE=593,

.. and then we get the error I described. So Exim is in SMTP mode but
Exchange is still in ESMTP mode.

> That RFC also says "The server MUST discard any knowledge obtained
> from the client", and that is what Exim is doing.


Trust Microsoft not to follow RFCs. I am no Exchange admin (I avoid Windows
as much as I can), but afaik there is no way to circumvent this behaviour.
If I turn ESMTP off, I don't get the option to use TLS anyway. I wonder if
anyone else has experience with this? Do you think we need a new Exim option
to work round this?


Cheers

John
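
The sequence discussed in this thread, as an added example that is not part of the original message or of Exim's code: a minimal Python model of the RFC 2487 rule that the server discards what it learned from the client once TLS is negotiated, so ESMTP parameters such as SIZE are only valid after a new EHLO. The function name, finding texts and sample address are hypothetical, and the sample commands are constructed from the log quoted above.

```python
import re

# Constructed sample, modelled on the client side of the Exchange log above.
SAMPLE_CLIENT_COMMANDS = [
    "EHLO erniepdc.ernie.mshome",
    "STARTTLS",
    "MAIL FROM:<sender@example.invalid> SIZE=593",
]

# Captures anything following the reverse-path, i.e. ESMTP parameters.
MAIL_RE = re.compile(r"^MAIL FROM:\s*<[^>]*>(?P<params>.*)$", re.IGNORECASE)


def audit_session(commands):
    """Replay client commands against a minimal model of server state.

    Returns a list of (line_number, message) findings. Assumes every
    STARTTLS that follows an EHLO negotiates successfully.
    """
    esmtp = False  # True only while an EHLO is valid in the current state
    tls = False    # True once TLS has been negotiated
    findings = []
    for n, line in enumerate(commands, start=1):
        line = line.strip()
        verb = line.split(None, 1)[0].upper() if line else ""
        if verb == "EHLO":
            esmtp = True
        elif verb == "HELO":
            esmtp = False
        elif verb == "STARTTLS":
            if not esmtp:
                findings.append((n, "STARTTLS issued without a valid EHLO"))
                continue
            # RFC 2487: the server MUST discard knowledge obtained from the
            # client before TLS, so the session falls back to "no EHLO seen".
            tls = True
            esmtp = False
        elif verb == "MAIL":
            m = MAIL_RE.match(line)
            params = m.group("params").strip() if m else ""
            if params and not esmtp:
                where = "after STARTTLS" if tls else "in this session"
                findings.append(
                    (n, f"ESMTP parameter {params!r} used with no EHLO {where}")
                )
    return findings


if __name__ == "__main__":
    for lineno, msg in audit_session(SAMPLE_CLIENT_COMMANDS):
        print(f"command {lineno}: {msg}")
```

Inserting a second EHLO directly after STARTTLS in the sample makes the finding disappear, which is the behaviour the RFC's SHOULD asks of the client.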