Auteur: Wakko Warner Date: À: Marques Johansson CC: Exim Users Sujet: Re: [Exim] Outlook Express 6 is not authenticating TLS smtp sessions
> Thanks. After adding the following to > /etc/exim4/conf.d/auth/30_exim4-config_examples, OE6 was able to relay
> via LOGIN.
>
> login:
> driver = plaintext
> public_name = LOGIN
> server_prompts = "Username:: : Password::"
> server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
> server_set_id = $1
>
> cram_md5:
> driver = cram_md5
> public_name = CRAM-MD5
> server_secret = ${if saslauthd{{$1}{$2}}{1}{0}}
> server_set_id = $1
If you want to use SPA, copy your cram one. It works the exact same way.
Just change the driver and public_name options.
> SMTP: 23:21:59 [rx] 220 poe.websilo.com ESMTP Exim 4.32 Mon, 24 May 2004
> 23:24:47 -0400
> SMTP: 23:21:59 [tx] EHLO ENGAGE
> SMTP: 23:21:59 [rx] 250-poe.websilo.com Hello
> pcp04134917pcs.maysld01.nj.comcast.net [68.44.183.109]
> SMTP: 23:21:59 [rx] 250-SIZE 52428800
> SMTP: 23:21:59 [rx] 250-PIPELINING
> SMTP: 23:21:59 [rx] 250-AUTH LOGIN CRAM-MD5
> SMTP: 23:21:59 [rx] 250-STARTTLS
> SMTP: 23:21:59 [rx] 250 HELP
> SMTP: 23:21:59 [tx] AUTH LOGIN
> SMTP: 23:21:59 [rx] 334 blahblah
> SMTP: 23:21:59 [tx] blarblar
> SMTP: 23:21:59 [rx] 334 blueblue
> SMTP: 23:21:59 [tx] bleeblee
> SMTP: 23:21:59 [rx] 235 Authentication succeeded
> SMTP: 23:21:59 [tx] MAIL FROM: xxx
> SMTP: 23:21:59 [rx] 250 OK
> SMTP: 23:21:59 [tx] RCPT TO: xxx
> SMTP: 23:21:59 [rx] 250 Accepted
>
>
> Notice how OE6 didn't bother to STARTTLS?
You must enable SSL in outlook. You also have to use port 25 IIRC.
> I am trying to require TLS before any authentication can happen. When I
> try to put 'server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}'
> in the login and cram_md5 blocks (as it has been in my plain_saslauthd
> block), exim no longer appears to advertise any of the auth types, not
> even 'AUTH' which was advertised before.
>
> plain_saslauthd:
> driver = plaintext
> public_name = PLAIN
> # don't send system passwords over unencrypted connections
> server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
> server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
> server_set_id = $2
> server_prompts = :
>
> SMTP: 23:29:28 [tx] EHLO ENGAGE
> SMTP: 23:29:28 [rx] 250-poe.websilo.com Hello
> pcp04134917pcs.maysld01.nj.comcast.net [68.44.183.109]
> SMTP: 23:29:28 [rx] 250-SIZE 52428800
> SMTP: 23:29:28 [rx] 250-PIPELINING
> SMTP: 23:29:28 [rx] 250-STARTTLS
> SMTP: 23:29:28 [rx] 250 HELP
> SMTP: 23:29:28 [tx] MAIL FROM: ...
> SMTP: 23:29:28 [rx] 250 OK
> SMTP: 23:29:28 [tx] RCPT TO: ...
> SMTP: 23:29:28 [rx] 550 relay not permitted
>
>
> Is it possible to do SPA through sasl without a second password file?
> Should exim not advertise AUTH LOGIN CRAM-MD5 until after the client
> does STARTTLS under
> my new configuration? Is OE just not wise enough to handle that?
You don't need to require encryption for cram-md5 as it's already encrypted
in a sense.
--
Lab tests show that use of micro$oft causes cancer in lab animals