Rob Brenart wrote:
> Bill Hacker wrote:
>
>> Marc Sherman wrote:
>>
>>> Rob Brenart wrote:
>>>
>>>>
>>>> Thanks for the advice... it is a debian list, so I've asked on the
>>>> exim4 debian user's list and we'll see if I get any hits... in case
>>>> it matters though, I tried your command and received the
>>>> following... but no message delivered. However, I think I see the
>>>> problem, :25... I'm pretty sure I need to be coming in over 465 with
>>>> SSL... trying to find in the docs how to set this now
>>>
>>>
>>>
>>> Exim does not support tls-on-connect (port 465) as a client. You'll
>>> have to use stunnel or something.
>>>
>>> - Marc
>>
>>
>> AFAIK Exim supports tls_on_connect on any port you specify. RTFM.
>>
>> In addition to a menagerie of non-standard ports, I was even trialing
>> it on port 80 a few days ago.
>>
>> Gets around firewalls quite nicely, but throws some weird log entries
>> when search-bots try to crawl a non-existent webpage...
>>
>> ;-)
>>
>> Bill Hacker
>>
>>
> I did RTFM and it claimed it would all "just work", it doesn't... and I
> can't seem to find an entry about how to make it try port 465 instead of 25
>
There is a simpler way to annotate it, but this should cover it all:
=============================================
local_interfaces = <your first IP> : <your next IP>
# Defaults to all if not mentioned.
daemon_smtp_ports = 25 : <second port> : <third port> : <fourth port> : 465 : <fifth port>
# defaults to 25 if not mentioned
tls_on_connect_ports = 465 : <next port>
# (those ones will work the old SSL protocol)
# defaults to none, AFAIK, but runs TLS on all.
# Note that there is no colon after the last entry.
tls_certificate = /usr/local/etc/exim/certs/<your cert filename>
#You did generate & install a cert?
tls_advertise_hosts = *
tls_remember_esmtp = yes
# These to get esmtps // esmtpsa TLS end-to-end with hosts that grok it
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
# there are variations on this
===============================================
But Marc's point still applies to MUAs (e-mail clients).
- Not all will allow selection of the port you want.
- Many will not allow selection between TLS and TLS-on-connect
(which is a new name for the older SSL protocol).
You also need to sort the issue of authentication credentials as to
PLAIN, LOGIN, CRAM-MD5, SASL, PEM
- Not all MUAs allow all choices - some make assumptions.
Mozilla Suite mailer is one that will do. There are many others.
HTH,
Bill
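
An added example, not part of Bill's message or of Exim itself: a small Python check that reads the options shown in the configuration above and reports when a tls_on_connect port is not also listened on, when no certificate is set, and when AUTH is advertised without depending on $tls_cipher. It assumes one option per line, the default ":" list separator, and ports given only in daemon_smtp_ports; the sample input is constructed.

```python
import re

# Constructed sample: the options from the message above with the placeholders
# filled by made-up values (port 587 is an assumption, not from the thread).
SAMPLE = """\
daemon_smtp_ports = 25 : 587
tls_on_connect_ports = 465
tls_advertise_hosts = *
auth_advertise_hosts = *
"""

def parse_options(text):
    """Return {option: value} for 'name = value' lines, skipping # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            opts[m.group(1)] = m.group(2).strip()
    return opts

def port_list(value):
    """Split a colon-separated Exim list into a set of port strings."""
    return {p.strip() for p in value.split(":") if p.strip()}

def check(text):
    """Return a list of findings for the TLS-related options."""
    o = parse_options(text)
    findings = []
    listen = port_list(o.get("daemon_smtp_ports", "25"))  # 25 if not mentioned
    on_connect = port_list(o.get("tls_on_connect_ports", ""))
    # A TLS-on-connect port only works if the daemon also listens on it.
    for port in sorted(on_connect - listen):
        findings.append(f"port {port}: in tls_on_connect_ports but not in daemon_smtp_ports")
    # Mirrors the "You did generate & install a cert?" question above.
    if on_connect and "tls_certificate" not in o:
        findings.append("tls_certificate is not set")
    # AUTH should only be offered once TLS is up ($tls_cipher non-empty).
    auth = o.get("auth_advertise_hosts", "*")
    if auth and "$tls_cipher" not in auth:
        findings.append("auth_advertise_hosts does not depend on $tls_cipher")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print("FINDING:", finding)
```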