>You need to allow STARTTLS for TLS to work (obviously), but further
>traffic can not be inspected (as long as your firewall has no MITM
>ability), so you can also disable it. Firewalls are a constant source of
>grief (not only) for smtp, like the infamous Cisco "f*ckup protocol smtp",
>which prevented ESMTP and therefore AUTH, STARTTLS etc. (I heard they
>changed this a while ago, though).
hmm..I will try.
>It's not clear to me what you mean.
>"AUTH" is seen twice on the wire:
>1. The smtp client sends "EHLO $whatever" and Exim replies with its
>capabilities: AUTH, STARTTLS etc.
>2. The client knows now what he can use, so does his AUTH
>If the client uses STARTTLS, he has to send his EHLO again after the SSL
>handshake and get a new list of capabilities (discarding the first one).
well, my thought was as follows.
1) exim-config seems ok, because it replies with STARTTLS-capability on telnet connect
2) the smtp-proxy on firewall has an option to allow AUTH and an option to allow HEADERS
-> that's why I thought, can exim reply with STARTTLS if the STARTTLS-"Header" was removed? ...or are these 2 different things?!
>Do you mean your local clients can relay without authentication? That's
>because they are in relay_from_hosts.
oh ok! think that's it! I was on the wrong track!
.....will try
thx for your fast reply ;-)
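
Added example, not part of the original message: a small parser for EHLO replies that compares the capability list seen directly on the server with the one seen through the firewall's smtp-proxy, and shows that after STARTTLS only the second EHLO reply counts. The sample replies, host names and function names are constructed for illustration.

```python
import re

# One SMTP reply line: 3-digit code, "-" (more follow) or " " (last), text.
_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 reply to EHLO."""
    caps = {}
    lines = [l for l in reply.replace("\r\n", "\n").split("\n") if l]
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError("not a 250 reply line: %r" % line)
        if i > 0:  # line 0 is the greeting, not a capability
            # Split on "=" too, so the legacy "AUTH=LOGIN" form is seen as AUTH.
            words = [w for w in re.split(r"[ =]+", m.group(3)) if w]
            if words:
                caps[words[0].upper()] = words[1:]
        if m.group(2) == " ":
            break
    return caps

def stripped_by_path(direct, via_proxy):
    """Capabilities the server offers that never reach the client."""
    return sorted(set(parse_ehlo(direct)) - set(parse_ehlo(via_proxy)))

def session_caps(first_ehlo, ehlo_after_tls=None):
    """The list a client may act on: after STARTTLS only the second EHLO counts."""
    return parse_ehlo(ehlo_after_tls if ehlo_after_tls else first_ehlo)

# Constructed sample replies (host names and values are made up).
DIRECT = ("250-mail.example.org Hello client.example.org [192.0.2.10]\r\n"
          "250-SIZE 52428800\r\n250-PIPELINING\r\n"
          "250-AUTH PLAIN LOGIN\r\n250-STARTTLS\r\n250 HELP\r\n")
VIA_PROXY = ("250-mail.example.org Hello client.example.org [192.0.2.10]\r\n"
             "250-SIZE 52428800\r\n250-PIPELINING\r\n250 HELP\r\n")
AFTER_TLS = ("250-mail.example.org Hello client.example.org [192.0.2.10]\r\n"
             "250-SIZE 52428800\r\n250-PIPELINING\r\n"
             "250-AUTH PLAIN LOGIN\r\n250 HELP\r\n")

if __name__ == "__main__":
    print("lost on the proxied path:", stripped_by_path(DIRECT, VIA_PROXY))
    print("usable after TLS:", sorted(session_caps(DIRECT, AFTER_TLS)))
```

Paste the EHLO reply captured on the server itself and the one captured from outside the firewall into the two sample strings to see which keywords the proxy removes.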