[exim] Outlook 2003 wont STARTTLS

Author: David Purton
Date:  
To: exim-users
Subject: [exim] Outlook 2003 wont STARTTLS
Hi,

I'm having trouble getting Outlook 2003 SP2 to authenticate. I have had
success with both Thunderbird and Outlook 2007.

To be honest I am completely confused as to what is wrong.

This is what I want:

Exim to listen on port 587
advertise STARTTLS to everyone
advertise AUTH PLAIN (using saslauthd) only after STARTTLS has been
      negotiated
allow relay only for authenticated users



Seems pretty standard and from what I can gather some people at least
have this configuration working with Outlook 2003 SP2.


But as best I can figure, Outlook never actually starts TLS.

...
13:45:57 19885 host in tls_advertise_hosts? yes (matched "*")
13:45:57 19885 SMTP>> 250-mail.marshwiggle.net Hello
mail.haeseandharris.com.au [150.101.29.94]
13:45:57 19885 250-SIZE 52428800
13:45:57 19885 250-PIPELINING
13:45:57 19885 250-STARTTLS
13:45:57 19885 250 HELP
13:45:57 19885 SMTP<< MAIL FROM: <david@???>
...


I've tried just about every conceivable permutation of ports, SSL, SPA,
etc. that Outlook offers, but with no joy.

I've managed to get Outlook to work with a postfix server using the
setup I want, but not exim.

Is there some setting in Exim I'm missing? Or something with Outlook
that somebody can suggest?

I really can't afford to waste more time on this and it's driving me
nuts.

System details below.


cheers

dc


The version of Outlook 2003 SP2 is fully up to date and patched.
Its version info says it is Outlook 2003 (11.8118.8132) SP2.



I'm running Debian etch and exim 4.63

# exim -bV
Exim version 4.63 #1 built 20-Jan-2007 10:42:32
Copyright (c) University of Cambridge 2006
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September 6, 2005)
Support for: crypteq iconv() IPv6 PAM Perl GnuTLS move_frozen_messages Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated


Relevant parts of config are:

.ifdef MAIN_TLS_ENABLE
.ifndef MAIN_TLS_ADVERTISE_HOSTS
MAIN_TLS_ADVERTISE_HOSTS = *
.endif
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS

.ifdef MAIN_TLS_CERTKEY
tls_certificate = MAIN_TLS_CERTKEY
.else
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE

.ifndef MAIN_TLS_PRIVATEKEY
MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
.endif
tls_privatekey = MAIN_TLS_PRIVATEKEY
.endif

.ifndef MAIN_TLS_VERIFY_CERTIFICATES
MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
                                    {/etc/ssl/certs/ca-certificates.crt}\
                                    {/dev/null}}
.endif
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES


.ifdef MAIN_TLS_VERIFY_HOSTS
tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
.endif

.ifndef MAIN_TLS_TRY_VERIFY_HOSTS
MAIN_TLS_TRY_VERIFY_HOSTS = *
.endif
tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS

.endif



begin authenticators

plain_saslauthd_server:
driver = plaintext
public_name = PLAIN
server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
server_set_id = $auth2
server_prompts = :
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif



--
David Purton
Haese & Harris Publications
Email: david@???
Web: www.haeseandharris.com.au
Phone: +61 8 8355 9444
Fax: +61 8 8355 9471
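
A small diagnostic for debug output laid out like the excerpt in the message above, added here as an example and not part of the original post or of Exim: it reports which extensions the server advertised before and after TLS, and whether the client sent STARTTLS or AUTH before MAIL. The sample log is constructed in the same layout with placeholder hosts, and the function and key names are assumptions.

```python
import re

# Constructed sample in the layout of the debug excerpt in the post; host
# names and addresses are placeholders, not values from the message.
SAMPLE_LOG = """\
13:45:57 19885 host in tls_advertise_hosts? yes (matched "*")
13:45:57 19885 SMTP>> 250-mail.example.net Hello client.example.com [192.0.2.10]
13:45:57 19885 250-SIZE 52428800
13:45:57 19885 250-PIPELINING
13:45:57 19885 250-STARTTLS
13:45:57 19885 250 HELP
13:45:57 19885 SMTP<< MAIL FROM: <user@example.com>
"""

PREFIX = re.compile(r"^\d\d:\d\d:\d\d\s+\d+\s+(.*)$")  # "HH:MM:SS pid text"
REPLY = re.compile(r"^250([ -])(\S+)")                 # one line of a 250 reply

def analyse(log):
    """Hypothetical helper: what was offered, and what the client did before MAIL."""
    offered = {"clear": set(), "tls": set()}
    verbs, phase, in_reply, first = [], "clear", False, False
    for raw in log.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue
        text = m.group(1)
        if text.startswith("SMTP<< "):            # command received from the client
            in_reply = False
            verbs.append((text[7:].split() or [""])[0].upper())
            if verbs[-1] == "STARTTLS":
                phase = "tls"                     # assumes the handshake then succeeds
            continue
        if text.startswith("SMTP>> "):            # first line of a server reply
            in_reply, first, text = True, True, text[7:]
        elif not in_reply:                        # unrelated debug output
            continue
        r = REPLY.match(text)
        if r and not first:                       # first line is the greeting, not a keyword
            offered[phase].add(r.group(2).upper())
        first = False
        in_reply = bool(r) and r.group(1) == "-"  # "250 " with a space ends the reply
    pre_mail = verbs[:verbs.index("MAIL")] if "MAIL" in verbs else verbs
    return {
        "starttls_offered": "STARTTLS" in offered["clear"],
        "auth_offered_clear": "AUTH" in offered["clear"],
        "auth_offered_tls": "AUTH" in offered["tls"],
        "client_starttls": "STARTTLS" in pre_mail,
        "client_auth": "AUTH" in pre_mail,
    }
```

For the constructed sample, analyse(SAMPLE_LOG) shows STARTTLS offered, AUTH not offered in cleartext, and the client going to MAIL without sending STARTTLS or AUTH.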