On Tue, 2007-09-25 at 15:31 +0200, Craig wrote:
> Has anyone on the list managed to get EXIM talking to Exchange on TLS with
> SMTP AUTH.
More than likely... but reading on, I don't believe that's what you want
(at least, not that way round).
> We are using manual routes to forward mail directly to clients Exchange
> servers we find it much better than multidrop mail boxes. However due to
> the fact that our Telephone Company only offers dynamic IP addresses, we are
> forced to use dynamic DNS. This becomes a problem if the DNS does not update
> correcly and we then deliver clients mail to the wrong mail server which
> would bounce all the mail.
>
> Any input and suggestions are always welcome. Even to point me to relevant
> documentation.
Using SMTP AUTH with Exim as a client of the remote servers you would
still be passing your auth tokens - username/password - to a remote
machine, and there's no guarantee that (a) it (the machine) is yours,
and (b) the tokens won't then get misused. Even TLS won't help you, as
that just wraps the data in flight; it has to be decrypted by the far
end before it can tell you that you're wrong.
I'd suggest that instead of using a manualroute you use ETRN instead,
and make the remote Exchange server poll frequently. If its' IP address
changes, nobody cares.
See
http://www.exim.org/exim-html-current/doc/html/spec_html/ch45.html#SECTETRN
for the Exim end; how you make Exchange do this is documented elsewhere.
Graeme