Re: [Exim] Outlook Express 6 is not authenticating TLS smtp …

Author: Marques Johansson
Date:  
To: Exim Users
Subject: Re: [Exim] Outlook Express 6 is not authenticating TLS smtp sessions
Wakko Warner wrote:

>>>I am trying to require TLS before any authentication can happen. When I
>>>try to put 'server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}'
>>>in the login and cram_md5 blocks (as it has been in my plain_saslauthd
>>>block), exim no longer appears to advertise any of the auth types, not
>>>even 'AUTH' which was advertised before.
>>>
>>>
>>it will authenticate as soon as it sees AUTH LOGIN, in preference to
>>STARTTLS. (Who codes for M$ anyway?!?!? Sheeesh) The trick is to
>>advertise things to OE in a certain order. The first EHLO should advert
>>STARTTLS but *not* AUTH, the 2nd EHLO (after TLS starts) must advert AUTH.
>>The way I do this is:
>>
>>
>I'm not sure on this. The only outlook I've tested with is 2000. I have
>tried a few things with OE6, but it's been a while. I was trying to use ssl
>certs as the means to control relaying. Unfortunately oe6, outlook 2000,
>outlook xp won't send a client cert to the server.
>
>I successfully configured LOGIN (for outlook), PLAIN (netscape), CRAM-MD5
>(not actually used) and SPA (outlook).
>
>

I had turned off "SSL" prior to my test send for another test. When I
turned SSL back on in OE6, and put the "server_advertise_condition" back
in for plain_saslauthd and login, everything worked perfectly. OE6 did
a STARTTLS, then EHLO and AUTH LOGIN.

SMTP: 10:38:27 [rx] 220 poe.websilo.com ESMTP Exim 4.32 Tue, 25 May 2004 10:41:17 -0400
SMTP: 10:38:27 [tx] EHLO ENGAGE
SMTP: 10:38:27 [rx] 250-poe.websilo.com Hello blah.nj.comcast.net [12.34.56.78]
SMTP: 10:38:27 [rx] 250-SIZE 52428800
SMTP: 10:38:27 [rx] 250-PIPELINING
SMTP: 10:38:27 [rx] 250-STARTTLS
SMTP: 10:38:27 [rx] 250 HELP
SMTP: 10:38:27 [tx] STARTTLS
SMTP: 10:38:27 [rx] 220 TLS go ahead
SMTP: 10:38:27 [tx] EHLO ENGAGE
SMTP: 10:38:27 [rx] 250-poe.websilo.com Hello blah.nj.comcast.net [12.34.56.78]
SMTP: 10:38:27 [rx] 250-SIZE 52428800
SMTP: 10:38:27 [rx] 250-PIPELINING
SMTP: 10:38:27 [rx] 250-AUTH PLAIN LOGIN
SMTP: 10:38:27 [rx] 250 HELP
SMTP: 10:38:27 [tx] AUTH LOGIN
SMTP: 10:38:27 [rx] 334 asdasd
SMTP: 10:38:27 [tx] asdasd
SMTP: 10:38:27 [rx] 334 asdsada
SMTP: 10:38:27 [tx] asdasda
SMTP: 10:38:27 [rx] 235 Authentication succeeded
SMTP: 10:38:27 [tx] MAIL FROM: xyz
SMTP: 10:38:27 [rx] 250 OK
SMTP: 10:38:27 [tx] RCPT TO: zyx
SMTP: 10:38:27 [rx] 250 Accepted
SMTP: 10:38:27 [tx] DATA


Are there any other AUTH types for which I can use plain system
authentication? I don't want a second source for passwords. Using
"/usr/sbin/saslauthd -a pam" I was able to get plain and LOGIN working
- is CRAM-MD5 or SPA (NTLM) possible without a clear text password
available? Any Others?

--
Marques Johansson
marques@???
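
An added example, not part of the original message or of Exim: a small checker that reads a client-side trace in the log format shown above and reports any point where AUTH is advertised or used before STARTTLS has been accepted. The function name, the sample traces and the host names are constructed for illustration, and it assumes everything after the server's 220 reply to STARTTLS is inside the TLS session.

```python
import re

# Log line format of the client-side trace shown in the message above.
LINE = re.compile(r"^SMTP: \d\d:\d\d:\d\d \[(rx|tx)\] (.*)$")
AUTH_ADVERT = re.compile(r"^250[- ]AUTH([ =]|$)", re.I)

def audit_transcript(text):
    """Return (line_no, finding) for every AUTH exposure outside TLS."""
    findings = []
    tls = False            # set once the server accepts STARTTLS with a 220
    starttls_sent = False  # the client's last command was STARTTLS
    for n, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw.strip())
        if not m:
            continue       # blank or wrapped continuation line
        direction, payload = m.groups()
        if direction == "tx":
            verb = payload.split(" ", 1)[0].upper()
            starttls_sent = verb == "STARTTLS"
            if verb == "AUTH" and not tls:
                findings.append((n, "client sent AUTH without TLS"))
        else:
            if starttls_sent and payload.startswith("220"):
                tls = True
            starttls_sent = False
            if AUTH_ADVERT.match(payload) and not tls:
                findings.append((n, "server advertised AUTH without TLS"))
    return findings

# Constructed sample traces (host and client names are placeholders).
GOOD = """\
SMTP: 10:38:27 [rx] 220 mail.example.org ESMTP
SMTP: 10:38:27 [tx] EHLO CLIENT
SMTP: 10:38:27 [rx] 250-STARTTLS
SMTP: 10:38:27 [rx] 250 HELP
SMTP: 10:38:27 [tx] STARTTLS
SMTP: 10:38:27 [rx] 220 TLS go ahead
SMTP: 10:38:27 [tx] EHLO CLIENT
SMTP: 10:38:27 [rx] 250-AUTH PLAIN LOGIN
SMTP: 10:38:27 [rx] 250 HELP
SMTP: 10:38:27 [tx] AUTH LOGIN
"""
BAD = """\
SMTP: 10:40:01 [tx] EHLO CLIENT
SMTP: 10:40:01 [rx] 250-STARTTLS
SMTP: 10:40:01 [rx] 250-AUTH PLAIN LOGIN
SMTP: 10:40:01 [rx] 250 HELP
SMTP: 10:40:01 [tx] AUTH LOGIN
"""
```

An empty result for a trace means AUTH only appeared after the TLS handshake, which is the behaviour the `server_advertise_condition` setting above is meant to enforce.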