Re: [exim] www.rellits.com ssl tutorial worked for courier, …

Author: Tommy Butler
Date:  
To: Christian Stiller
CC: exim-users
Subject: Re: [exim] www.rellits.com ssl tutorial worked for courier, but not exim
Christian Stiller wrote:

> Tommy Butler wrote:
>
>> Using the great tutorial/howto for self-signed SSL certs to use with
>> courier MTA and courier IMAP MTA worked just great! Only problem is
>> that exim doesn't work with the certs. I'm using exim4. Does the
>> howto at http://www.rellits.com/rellits/exim.html only work for
>> exim3?? What am I doing wrong?
>
> I didn't see the cert file being referenced in your config.
>
> Try something like
>
> tls_certificate = /etc/ssl/certs/smtp.pem
> tls_advertise_hosts = *


Did this. Now I get the following when connecting from my local machine:

tommy@city-it ~
$ telnet mail.cityairlines.net 25
Trying 206.123.72.157...
Connected to mail.cityairlines.net.
Escape character is '^]'.
220 localhost.localdomain ESMTP Exim 4.34 Tue, 14 Dec 2004 13:33:54 -0600
ehlo tommy
250-localhost.localdomain Hello tommy [69.15.114.65]
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP
starttls
454 TLS currently unavailable

> in your main section. Once you have done that, you should be able to use
> SSL. Then you can add something like
>
> accept  authenticated = *
>         encrypted = *

>
> in the ACL to only accept authentication if it was encrypted.


I have to enable both encrypted and unencrypted connections at this time,
although this will not _always_ be the case, as we're all moving to SSL on
Monday if I can get this blasted TLS working before I hit the critical point and
become one with the universe.

Now looking at my ACL area, I see that there are many of them. Which ACL do I
add those lines to? ("Those lines" meaning
"accept authenticated = *"
and "encrypted = *")

(see my current config file with comments preserved at
http://www.cityairlines.net/config.autogenerated)

> (both those things should have been in the howto)


They may have been, I don't recall. I've read so much literature on exim
configuration I think I could puke. But I have seen these things before, and
tried them before. They didn't work then either, although I've gotten further
this last time.
>
> If that doesn't work, let us know what error / message you get...


As shown above, it's:
ehlo tommy
250-localhost.localdomain Hello tommy [69.15.114.65]
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP
starttls
454 TLS currently unavailable

I'm googling around for other discussions of this error "454 TLS currently
unavailable" as well.

PS- I changed /etc/mailname, restarted exim4, and it still says
"250-localhost.localdomain Hello tommy [69.15.114.65]" up there...

$ cat /etc/mailname
cityairlines.net

--
Tommy Butler
tommy@???
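
The session above shows a server that advertises STARTTLS in its EHLO reply and then answers the command with 454. The following added example (not part of the original message) is a check that tells "advertised" apart from "accepted"; the names probe_starttls, classify, start_stub and demo are hypothetical, the stub server is constructed from the replies quoted in the post, and no TLS handshake is performed.

```python
import smtplib
import socket
import threading

def probe_starttls(host, port, timeout=5.0):
    """Return (advertised, code, text) for a STARTTLS attempt; no handshake is made."""
    smtp = smtplib.SMTP(host, port, local_hostname="probe.example", timeout=timeout)
    try:
        smtp.ehlo()
        advertised = smtp.has_extn("starttls")
        code, text = smtp.docmd("STARTTLS")
        return advertised, code, text.decode(errors="replace")
    finally:
        smtp.close()

def classify(advertised, code):
    if code == 220:
        return "accepted"                # server is ready for the TLS handshake
    if advertised:
        return "advertised-but-refused"  # the state in the session above
    return "not-offered"

def start_stub(starttls_reply):
    """Constructed stand-in server: replays the replies from the post, once."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rb") as rd:
            conn.sendall(b"220 localhost.localdomain ESMTP Exim 4.34\r\n")
            rd.readline()                # client's EHLO
            conn.sendall(b"250-localhost.localdomain Hello\r\n250-SIZE 52428800\r\n"
                         b"250-PIPELINING\r\n250-STARTTLS\r\n250 HELP\r\n")
            rd.readline()                # client's STARTTLS
            conn.sendall(starttls_reply)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def demo(reply=b"454 TLS currently unavailable\r\n"):
    advertised, code, text = probe_starttls("127.0.0.1", start_stub(reply))
    return classify(advertised, code), code, text

if __name__ == "__main__":
    print(demo())
```

Against a real server, call probe_starttls with its host name and port 25 and alert on "advertised-but-refused".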