RE: [exim] Exim3+ TLS

Top Page
Delete this message
Reply to this message
Author: cslinx
Date:  
To: 'Christian Recktenwald'
CC: exim-users
Subject: RE: [exim] Exim3+ TLS

Hi Christian,

Thanks for the prompt reply.

We are trying to fix the settings on the mail server for both cases.
As mentioned before, it was tested and was working fine until recently.
We have used mostly the default settings provided by Exim3 TLS.
Hence, we are now trying to guess what has gone wrong or changed.

Our guess:
Can both cases be related to the expiry of the OpenSSL cert used for
TLS?


As there are so many options in Exim, will appreciate if someone can
recommend the best practises for a secure and workable Exim
configuration.

Thanks!

/regards

-----Original Message-----
From: Christian Recktenwald [mailto:exim-users-dist@citecs.de]
Sent: June 17, 2005 5:00 PM
To: cslinx
Cc: exim-users@???
Subject: Re: [exim] Exim3+ TLS


On Fri, Jun 17, 2005 at 03:20:02PM +0800, cslinx wrote:
>
> Hi,
>
> I've managed to setup Exim 3 successfully sometime ago but now I
> encounter the following errors when I tried to send an email to my
> account:
>
> <myaccount@???>:
> Remote host said: 550 5.0.0 <myaccount@???>... RCPT TO:
> <myaccount@???> Relaying not allowed - please use SMTP AUTH
> [RCPT_TO]


This means your provider wants you to authenticate using SMTP auth. You
need a login and password (perhaps identical to your indial data).

From the exim documentation:

[ http://www.exim.org/exim-html-3.30/doc/html/spec_19.html#SEC554 ]

authenticate_hosts (smtp)

Type: host list
Default: unset

This option is available only when Exim is built to contain support
for
at least one of the SMTP authentication mechanisms. It provides a list
of servers to which, provided they announce authentication support,
Exim
will attempt to authenticate as a client when it connects. See chapter
35 for details.

> On a separate case but using the same mail server, I also encounter
> the following error when I try sending an email using Outlook (the
> same email is successful if I use Yahoo! Mail) :
>
>    ----- The following addresses had permanent fatal errors -----
> <myaccount@???>
>     (reason: 554 Security failure)

>
>    ----- Transcript of session follows -----
> ... while talking to mail.xxx.com.:
> >>> STARTTLS
> <<< 454 OpenSSL/0.9.6beta currently unavailable
> >>> MAIL From:<myaccount@???> SIZE=897
> <<< 554 Security failure
> 554 5.0.0 Service unavailable


You can not send TLS Mail there because the remote side is
misconfigured.
It announces STARTTLS but then it fails.
Please talk to xxx.com about fixing this.

-- 
Christian Recktenwald      :                         :
citecs GmbH                : exim-users-dist@???
Unternehmensberatung fuer  : voice +49 711 601 2090  : Boeblinger
Strasse 189
EDV und Telekommunikation  : fax   +49 711 601 2092  : D-70199 Stuttgart


Send instant messages to your online friends http://asia.messenger.yahoo.com