Re: [Exim] Eudora and TLS AUTH

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Mark Foster
Date:  
À: exim-users
Sujet: Re: [Exim] Eudora and TLS AUTH
--
On Fri, Feb 27, 2004 at 10:01:36AM -0500, Matt Soccio wrote:
> I have Andreas Metzler's 4.3 exim-daemon-heavy and gnutls packages
> running on a Debian stable machine and am trying to get Eudora (5.2 or
> 6) to do AUTH over TLS. I have seen the list archives regarding Eudora,
> and have tried running exim on 465 with -tls-on-connect, which didn't
> work. An stunnel solution won't work because I need my virus scanner to
> be able to re-inject mail from the local interface w/o authenticating.
>
> Any time that I try to start a tls session from Eudora, I get these
> errors:
>
> 2004-02-27 08:57:42 TLS recv error on connection from loki.astro.psu.edu
> [128.118.147.196]: A TLS packet with unexpected length was received.
> 2004-02-27 08:57:42 TLS send error on connection from loki.astro.psu.edu
> [128.118.147.196]: The specified session has been invalidated for some
> reason.
>
> I have tried using a backported 0.9.7 version of openssl to see if it
> would make a difference, but it doesn't. Courier is able to negotiate
> tls sessions for imap, so it is either compiled with the SSL_OP options
> that work around bugs, or the problem is with the gnutls package that
> exim is relying on. Before I compile exim from scratch without gnutls
> and move away from the convenience of Debian's update system, I just
> want to see if anyone else is running a similar setup and is
> experiencing problems with Eudora, or if anyone has found a suitable
> workaround.
>

Some things to consider.
Eudora seems to have an interoperability problem...
http://www.eudora.com/qpopper/faq.html#ssl_eudora
and
ssldump (which you can use to watch the details of the SSL handshake).
http://www.rtfm.com/ssldump/

You could also try using
openssl s_client -connect yourmailhost:465 [-ssl3|-tls1]
to see what SSL/TLS versions may or may not be supported.
man s_client for more details about that.
--
Some days it's just not worth chewing through the restraints...
Mark D. Foster, CISSP <mark@???> http://mark.foster.cc/

--
[ Content of type application/pgp-signature deleted ]
--