Hi,
I'm currently testing TLS with a 3rd party, and I'm not sure if it's
working correctly. I have added the following lines to the configure file:
In the main configuration section:
tls_advertise_hosts = *
tls_certificate = /home/notesadm/server.crt
tls_privatekey = /home/notesadm/server.pem
In the authentication config section:
tls_authentication:
  driver = plaintext
  server_advertise_condition = ${if def:tls_cipher}
  public_name = LOGIN
Can you see any issues with these settings? I have tested using smtpc and
get the following output, which would confirm it is working?
smtpc: looking up address 127.0.0.1:smtp
smtpc: connecting to 127.0.0.1
smtpc: TLS initialized
smtpc: < 220 Hello, John Lewis ready Mon, 13 Nov 2006 10:13:12 +0000 .
smtpc: > EHLO mccs-mx1t
smtpc: < 250-mccs-mxxt.tiffani.co.uk Hello localhost [127.0.0.1]
smtpc: < 250-SIZE 10485760
smtpc: < 250-PIPELINING
smtpc: < 250-STARTTLS
smtpc: < 250 HELP
smtpc: > STARTTLS
smtpc: < 220 TLS go ahead
smtpc: TLS info: before/connect initialization
smtpc: TLS info: before/connect initialization
smtpc: TLS info: SSLv2/v3 write client hello A
smtpc: TLS info: SSLv3 read server hello A
smtpc: TLS info: SSLv3 read server certificate A
smtpc: TLS info: SSLv3 read server done A
smtpc: TLS info: SSLv3 write client key exchange A
smtpc: TLS info: SSLv3 write change cipher spec A
smtpc: TLS info: SSLv3 write finished A
smtpc: TLS info: SSLv3 flush data
smtpc: TLS info: SSLv3 read finished A
smtpc: TLS info: SSL negotiation finished successfully
smtpc: TLS info: SSL negotiation finished successfully
smtpc: TLS negotiated with /C=GB/ST=London/L=London/O=JLP/OU=Exim/CN=mccs-mxxt.johnlewis.co.uk
smtpc: > EHLO mccs-mx1t
smtpc: < 250-mccs-mxxt.tiffani.co.uk Hello localhost [127.0.0.1]
smtpc: < 250-SIZE 10485760
smtpc: < 250-PIPELINING
smtpc: < 250 HELP
smtpc: SMTP AUTH LOGIN not supported
smtpc: > QUIT
smtpc: < 221 mccs-mxxt.tiffani.co.uk closing connection
I've also enabled TLS_certificate_verified in the mainlog. The entry below
is sending a message to a 3rd party that has TLS enabled and functioning:
2006-11-13 10:03:25 1GjYez-0005XM-5F <= xxx_xxx@??? H=(xxxxx-xxxxx.net.JohnLewis.co.uk) [xxx.xx.xxx.xxx] P=esmtp S=4145 id=OF7050B14E.253C9FF0-ON80257225.00371038-80257225.00371DB3@???
2006-11-13 10:03:25 1GjYez-0005XM-5F => xxx.xxx@??? R=dnslookup T=remote_smtp H=xxxxx.xxxxx.com [xxx.xxx.xx.xxx] X=TLSv1:XXXXXX-XXX:256
2006-11-13 10:03:25 1GjYez-0005XM-5F Completed
The X= shows the TLS cipher, but I don't see any cv=yes or cv=no entries.
Is there any way to definitively confirm that the TLS set up at our end is
all working correctly?
Many thanks,
Alex
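Two checks a mail admin can run to answer the question above, written as an added example (this is not code from the original post and not part of Exim). The first parses the KEY=value fields Exim writes in its mainlog delivery lines (X= negotiated cipher, CV=yes/no when the tls_certificate_verified log selector is on, DN= peer certificate subject) and classifies each delivery as cleartext, TLS-but-unverified, or TLS-and-verified. The second opens a plain SMTP session, upgrades it with STARTTLS and validates the server certificate and hostname against a CA bundle, reporting protocol, cipher and whether AUTH is advertised on the encrypted EHLO, which is what the smtpc transcript above was probing by hand. The sample log lines are constructed for this example (the real ones in the post are masked); host, port and CA file for the probe are placeholders you supply.

```python
"""Offline Exim TLS log triage plus an active STARTTLS probe (added example)."""
import re
import smtplib
import ssl

# Constructed sample mainlog delivery lines in Exim's format. Only the second
# line carries CV=yes and a DN=, i.e. Exim verified the remote certificate.
SAMPLE_LOG = """\
2006-11-13 10:03:25 1GjYez-0005XM-5F => alice@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.10] X=TLSv1:AES256-SHA:256 CV=no
2006-11-13 10:04:01 1GjYfA-0005XQ-1A => bob@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.20] X=TLSv1:AES256-SHA:256 CV=yes DN="/C=GB/O=Example/CN=mx.example.org"
2006-11-13 10:05:17 1GjYfN-0005XT-9Z => carol@example.com R=dnslookup T=remote_smtp H=mx.example.com [192.0.2.30]
"""

# KEY=value tokens: a 1-2 letter upper-case key not glued to preceding text,
# followed by either a double-quoted value (DN="...") or a run of non-spaces.
_FIELD_RE = re.compile(r'(?<![A-Za-z0-9])(?P<key>[A-Z]{1,2})=(?P<val>"[^"]*"|\S+)')


def parse_delivery_line(line):
    """Return the KEY=value fields of one Exim '=>' delivery line as a dict.
    Quoted values are returned without their surrounding quotes."""
    fields = {}
    for m in _FIELD_RE.finditer(line):
        val = m.group("val")
        if val.startswith('"') and val.endswith('"'):
            val = val[1:-1]
        fields[m.group("key")] = val
    return fields


def tls_status(line):
    """Classify a delivery line:
    'none'       - no X= field, the message left in clear
    'unverified' - TLS was used but Exim did not verify the peer cert (CV=no or absent)
    'verified'   - TLS was used and Exim verified the peer cert (CV=yes)"""
    f = parse_delivery_line(line)
    if "X" not in f:
        return "none"
    return "verified" if f.get("CV") == "yes" else "unverified"


def summarize(log_text):
    """Count deliveries per TLS status across a block of mainlog text."""
    counts = {"none": 0, "unverified": 0, "verified": 0}
    for line in log_text.splitlines():
        if " => " in line:  # only outbound delivery lines, not <= arrivals
            counts[tls_status(line)] += 1
    return counts


def starttls_probe(host, port=25, cafile=None, timeout=10):
    """Connect in clear, upgrade with STARTTLS and validate the server
    certificate and hostname. Returns a dict with the negotiated protocol,
    cipher, certificate CN and whether AUTH is advertised after the upgrade.
    Raises ssl.SSLError on a certificate/hostname failure, RuntimeError if
    STARTTLS is not offered. host/port/cafile are placeholders (assumption)."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("server does not advertise STARTTLS")
        smtp.starttls(context=ctx)
        smtp.ehlo()  # second EHLO inside TLS, as in the smtpc transcript
        sock = smtp.sock  # now an ssl.SSLSocket
        subject = dict(pair[0] for pair in sock.getpeercert()["subject"])
        return {
            "protocol": sock.version(),
            "cipher": sock.cipher()[0],
            "peer_cn": subject.get("commonName"),
            "auth_advertised": smtp.has_extn("auth"),
        }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    # Example call against your own MX (placeholder values):
    # print(starttls_probe("mx.example.org", 25, cafile="/etc/ssl/certs/ca-certificates.crt"))
```

A delivery that shows X= but no CV=yes only proves the link was encrypted, not that the peer was who it claimed to be; CV= only becomes meaningful once the smtp transport has tls_verify_certificates pointing at a CA bundle, which the configuration quoted in the post does not set. The probe deliberately uses the default context so a self-signed or mismatched server certificate fails loudly instead of being silently accepted.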