Re: [exim] Re: help on TLS for ext. connection

Página Inicial
Delete this message
Reply to this message
Autor: user therion
Data:  
Para: Exim Users
Assunto: Re: [exim] Re: help on TLS for ext. connection
>You need to allow STARTTLS for TLS to work
(obviously), but further
>traffic can not be inspected (as long as your

firewall has no MITM
>ability), so you can also disable it. Firewalls are a

constant source of
>grief (not only) for smtp, like the infamous Cisco

"f*ckup protocol smtp",
>which prevented ESMTP and therefore AUTH, STARTTLS

etc. (I heard they
>changed this a while ago, though).

hmm..I will try.


>It's not clear to me what you mean.
>"AUTH" is seen twice on the wire:
>1. The smtp client sends "EHLO $whatever" and Exim

replies with it's
>capabilities: AUTH, STARTTLS etc.
>2. The clients knows now what he can use, so does his

AUTH

>If the clients uses STARTTLS, he has to send his EHLO

again after the SSL
>handshake and get a new list of capabilities

(discarding the first one).
well, my thought was as following.
1) exim-config seems ok, because it replies with
STARTTLS-capability on telnet connect
2) the smtp-proxy on firewall has an option to allow
AUTH and an option to allow HEADERS

-> that´s why I thought, can exim reply with STARTTLS
if the STARTTLS-"Header" was removed? ...or are this 2
different things?!



>Do you mean your local clients can relay without

authentication? That's
>because they are in relay_from_hosts.

oh ok! think thats it! I was on the wrong track!
.....will try

thx for your fast reply ;-)


    

    
        
___________________________________________________________
Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de