Author: Marques Johansson
Date:
To: Exim Users
Subject: Re: [Exim] Outlook Express 6 is not authenticating TLS smtp sessions

Wakko Warner wrote:
>>>I am trying to require TLS before any authentication can happen. When I
>>>try to put 'server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}'
>>>in the login and cram_md5 blocks (as it has been in my plain_saslauthd
>>>block), exim no longer appears to advertise any of the auth types, not
>>>even 'AUTH' which was advertised before.
>>>
>>>
>>it will authenticate as soon as it sees AUTH LOGIN, in preference to
>>STARTTLS. (Who codes for M$ anyway?!?!? Sheeesh) The trick is to
>>advertise things to OE in a certain order. The first EHLO should advert
>>STARTTLS but *not* AUTH, the 2nd EHLO (after TLS starts) must advert AUTH.
>>The way I do this is:
>>
>>
>I'm not sure on this. The only outlook I've tested with is 2000. I have
>tried a few things with OE6, but it's been a while. I was trying to use ssl
>certs as the means to control relaying. Unfortunately oe6, outlook 2000,
>outlook xp won't send a client cert to the server
>
>I successfully configured LOGIN (for outlook), PLAIN (netscape), CRAM-MD5
>(not actually used) and SPA (outlook).
>

I had turned off "SSL" prior to my test send for another test. When I
turned SSL back on in OE6, and put the "server_advertise_condition" back
in for plain_saslauthd and login, everything worked perfectly. OE6 did
a STARTTLS, then EHLO and AUTH LOGIN.

Are there any other AUTH types for which I can use plain system
authentication? I don't want a second source for passwords. Using
"/usr/sbin/saslauthd -a pam" I was able to get plain and LOGIN working
- is CRAM-MD5 or SPA (NTLM) possible without a clear text password
available? Any others?
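
Added example, not part of the original message or of Exim: a small Python check for the advertising order discussed in this thread (STARTTLS but no AUTH in the first EHLO reply, AUTH only in the EHLO reply after TLS starts). The function names, the host name `mail.example.test` and the sample EHLO replies are constructed for illustration.

```python
import re

# Mechanisms that put the password itself on the wire (only base64-encoded).
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(response):
    """Return {KEYWORD: set(params)} for a multi-line 250 EHLO reply."""
    ext = {}
    lines = [l.strip() for l in response.splitlines() if l.strip()]
    for line in lines[1:]:  # line 0 is the greeting, not an extension
        m = re.match(r"250[- ](.+)$", line)
        if not m:
            continue
        # Some servers also emit the legacy "AUTH=LOGIN" form for old clients.
        words = re.sub(r"(?i)^AUTH=", "AUTH ", m.group(1)).split()
        ext.setdefault(words[0].upper(), set()).update(w.upper() for w in words[1:])
    return ext

def audit(pre_tls, post_tls):
    """Compare the EHLO replies seen before and after STARTTLS."""
    pre, post = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS is not offered on the cleartext connection")
    if "AUTH" in pre:
        mechs = " ".join(sorted(pre["AUTH"]))
        clear = " ".join(sorted(pre["AUTH"] & PLAINTEXT_MECHS)) or "none"
        findings.append("AUTH advertised before TLS (%s); "
                        "cleartext-password mechanisms: %s" % (mechs, clear))
    if "AUTH" not in post:
        findings.append("AUTH is not advertised after STARTTLS")
    return findings

# Constructed sample replies (not captured from a real server).
GOOD_PRE = ("250-mail.example.test Hello client [192.0.2.10]\n"
            "250-SIZE 52428800\n250-PIPELINING\n250-STARTTLS\n250 HELP\n")
GOOD_POST = ("250-mail.example.test Hello client [192.0.2.10]\n"
             "250-SIZE 52428800\n250-PIPELINING\n"
             "250-AUTH PLAIN LOGIN\n250 HELP\n")
BAD_PRE = ("250-mail.example.test Hello client [192.0.2.10]\n"
           "250-AUTH=LOGIN CRAM-MD5\n250-STARTTLS\n250 HELP\n")

if __name__ == "__main__":
    for name, pre in (("good", GOOD_PRE), ("bad", BAD_PRE)):
        print(name, audit(pre, GOOD_POST) or "OK")
```

The two reply strings can be pasted from a manual session or collected with `smtplib` by calling `ehlo()` before and after `starttls()`.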