John Doe wrote:
> Hi,
>
> is there a know problem (even though google did not find any) with Apple Mail and SSL...?
There WAS.
Years ago it made assumptions that were not always valid and that it had no
readily-accessable knobs to alter.
I *beleive* that was fixed around OS X 10.3.X or so - BUT more recently than 5
years back I plead ignorance, as I always, always, always replace Apple's mailer
with a proper MUA. Usually SeaMonkey's - which is very standards-compliant AND
easy to adjust.
Not to mention the Mac needs better browsers than wot Apple ships anyway.
>
> I setup authentication like that:
>
>
> tls_advertise_hosts = *
> tls_certificate = /etc/pki/tls/certs/exim.pem
> tls_privatekey = /etc/pki/tls/private/exim.pem
> log_selector = +tls_cipher +tls_peerdn
>
> tls_on_connect_ports = 465
>
> PLAIN:
> driver = plaintext
> public_name = PLAIN
> server_prompts = :
> server_condition = ${lookup mysql{AUTH_PLAIN_QUERY}{1}fail}
> server_advertise_condition = ${if def:tls_cipher}
> server_set_id = $auth2
>
> LOGIN:
> driver = plaintext
> public_name = LOGIN
> server_prompts = <| Username: | Password:
> server_condition = ${lookup mysql{AUTH_LOGIN_QUERY}{1}fail}
> server_advertise_condition = ${if def:tls_cipher}
> server_set_id = $auth1While it works fine with Thunderbird, Apple Mail just stall for 1mn and give up...
> And exim logs just says it failed...
>
> I also tried (found on some forum):
>
> server_prompts = "Username:: : Password::"
>
> But it did not help... any idea?
>
> Thx,
> JD
>
Scrap the Apple MUA.
It ain't worth the bother, as it is a lousy MUA anyway, human-interface and
features-wise.
Any of a half-dozen others - depending on user's prefs - are more useful, and
all will JFW w/r AUTH.
We've had no problem advising even low/no-expertise users over the phone w/r
downloading, installing, and configuring login settings with, for example,
SeaMonkey or Thundermug
Going up to 'root' and rm'ing all vestiges of the Apple Mail and its dodgy and
exploitable linked-to-everything address book is also a security plus.
YMMV, but the only non-Mac systems on our MTA are 'true' F/OSS *BSD.
so we've been at this for a while....
Bill