Re: [exim] Outlook, Exim and TLS.

Author: Drew Calcott
Date:  
To: 'exim-users@exim.org'
Subject: Re: [exim] Outlook, Exim and TLS.
Oh dear.

Thank you all very much for your suggestions, everyone. As it turns out, I'm
chasing the wrong thing. Outlook obviously sends its auth details in a
different format, as is evidenced by what I can see from the debug logs:

From Thunderbird:

15925 Calling gnutls_record_recv(622470, 624660, 4096)
15925 SMTP<< AUTH PLAIN *string*
15925 Running PAM authentication for user "acal030"
15925 PAM success
15925 plain authenticator:
15925 $auth1 =
15925 $auth2 = acal030
15925 $auth3 = *password*
15925 $1 =
15925 $2 = acal030
15925 $3 = *password*
15925 expanded string: true
15925 SMTP>> 235 Authentication succeeded

And when coming from Outlook:

15932 Calling gnutls_record_recv(622470, 624440, 4096)
15932 SMTP<< *string*
15932 SMTP>> 334 UGFzc3dvcmQ6
15932 tls_do_write(5de8e0, 18)
15932 gnutls_record_send(SSL, 5de8e0, 18)
15932 outbytes=18
15932 Calling gnutls_record_recv(622470, 624440, 4096)
15932 SMTP<< eXVtNDJ2Nm8=
15932 Running PAM authentication for user "*password*"
15932 PAM error: Error in service module
15932 login authenticator:
15932 $auth1 = acal030
15932 $auth2 = *password*
15932 $1 = acal030
15932 $2 = *password*
15932 expansion failed: Error in service module
15932 SMTP>> 435 Unable to authenticate at present


I assume there is something wrong with the auth definitions in exim.conf...


begin authenticators

  plain:
    driver              = plaintext
    public_name         = PLAIN
    server_prompts      = :
    server_condition    = ${if pam{${extract{1}{@}{${auth2}}}:${sg{$auth3}{:}{::}}}}
    server_set_id       = $auth2


  login:
    driver              = plaintext
    public_name         = LOGIN
    server_prompts      = Username:: : Password::
    server_condition    = ${if pam{${extract{1}{@}{${auth2}}}:${sg{$auth3}{:}{::}}}}
    server_set_id       = $auth1


Anyone have any suggestions as to how to clean that up, or am I barking up the
wrong tree again?


---
Drew Calcott
Linux System Administrator
Science IT
University of Auckland
(p) +64 9 373 7599 x84269


Chambers, Phil wrote:
>
>> -----Original Message-----
>> From: exim-users-bounces@???
>> [mailto:exim-users-bounces@exim.org] On Behalf Of Drew Calcott
>> Sent: Tue 09 December 2008 01:25
>> To: exim-users@???
>> Subject: [exim] Outlook, Exim and TLS.
>>
>> I'm having a problem on our department mail server with
>> trying to get Outlook
>> 2k3 and 2k7 to send mail with TLS.
>>
>
> I set our exim up with 2k3 and have not had reports of problems with 2k7.
>
> As has already been reported, 2k3 takes the SSL option to mean TLS when the port is 25 and SSL on any other port. So, I set up exim to listen on ports 25, 465 and 587, with the option 'tls_on_connect_ports 465'. (Port 465 is the accepted port for SMTPs.)
>
> You did not mention authenticated SMTP but I believe 2k3 requires LOGIN. I have an authenticator based on section 34.4 in the Exim spec. It contains the following:
>
>   login:
>     driver = plaintext
>     public_name = LOGIN
>     server_prompts = Username:: : Password::
>     server_condition = ${if .....}
>     server_set_id = $1
>     server_advertise_condition = ${if .....}
>
> $1 contains the username and $2 contains the password.
>
> You then configure Outlook to use SSL on port 465. Do not tick the SPA option.
>
> Hope this helps,
>
> Phil.
> --------------------
> Phil Chambers
> Postmaster
> University of Exeter
>
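
Added example, not part of the original message and not Exim code: a Python model of how AUTH PLAIN and AUTH LOGIN fill $auth1..$auth3, and of what a server_condition built on a given pair of variables then hands to PAM. The account name and password are constructed, and `pam_args` is a hypothetical helper that only mimics the two string expansions in the posted condition.

```python
import base64

def b64(text):
    return base64.b64encode(text.encode()).decode()

def plain_fields(blob):
    # AUTH PLAIN: one base64 blob "authzid NUL authcid NUL password",
    # which Exim exposes as $auth1, $auth2, $auth3.
    return base64.b64decode(blob).decode().split("\0")

def login_fields(replies):
    # AUTH LOGIN: one base64 reply per server prompt, so only
    # $auth1 (username) and $auth2 (password) are set.
    return [base64.b64decode(r).decode() for r in replies]

def pam_args(fields, user_var, pass_var):
    # Hypothetical helper: mimics ${extract{1}{@}{$authN}} and
    # ${sg{$authM}{:}{::}} from the posted server_condition.
    # An unset $authN expands to the empty string.
    def var(n):
        return fields[n - 1] if n <= len(fields) else ""
    return var(user_var).split("@")[0], var(pass_var).replace(":", "::")

# Constructed credentials, not taken from the log above.
USER, PASSWORD = "alice@example.test", "s3cr:et"

plain = plain_fields(b64("\0" + USER + "\0" + PASSWORD))
login = login_fields([b64(USER), b64(PASSWORD)])

if __name__ == "__main__":
    # The 334 challenge in the Outlook log is just a base64 prompt.
    print("334 UGFzc3dvcmQ6 =", login_fields(["UGFzc3dvcmQ6"])[0])
    print("PLAIN with $auth2/$auth3:", pam_args(plain, 2, 3))
    print("LOGIN with $auth2/$auth3:", pam_args(login, 2, 3))
    print("LOGIN with $auth1/$auth2:", pam_args(login, 1, 2))
```

With $auth2/$auth3 applied to a LOGIN exchange, the password lands in the PAM username slot and the password slot is empty, which matches the "Running PAM authentication for user" line in the Outlook debug log above.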