Re: [exim] PWCHK

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Randy Bush
Dátum:  
Címzett: W B Hacker
CC: exim users
Tárgy: Re: [exim] PWCHK
> 465 is NOT expected to be 'TLS', but rather 'legacy' SSL, AKA
> 'tls_on_connect'.
>
> IOW - no en clair HELO/EHLO, and no fallback to en clair
> communication. And MUA default to that if told to use 465 and/or SSL
>
> So - on that specific point, are you really seeing a build problem
> affecting 465?
>
> ....or just a misconception w/r how to configure the MTA and the MUA
> client?


been running successfully for some years. system had not been rebuilt
since november and, as i am on the road, i figured it would be a good
time to break it :)

> Port 465 was never offically an smtp service port.


i am aware of the history.

> Best to use 587 and cease using 465.


same error, no surprise there. now that i can hope that we have
finished the religious part of the discussion, i could use a bit of help
debugging this sucker.

phil noticed RENEGOTIATING

    rmac.psg.com:/Users/randy> openssl s_client -connect psg.com:587
    CONNECTED(00000004)
    depth=1 /C=US/ST=Washingron/L=Bainbridge Island/O=RGnet/PSGnet/OU=Engineering/CN=RGnet Root CA/emailAddress=randy@???
    verify error:num=19:self signed certificate in certificate chain
    verify return:0
    ---
    Certificate chain
     0 s:/C=US/ST=WA/L=Seattle/O=RGnet, LLC/OU=PSGnet Engineering/CN=psg.com/emailAddress=randy@???
       i:/C=US/ST=Washingron/L=Bainbridge Island/O=RGnet/PSGnet/OU=Engineering/CN=RGnet Root CA/emailAddress=randy@???
     1 s:/C=US/ST=Washingron/L=Bainbridge Island/O=RGnet/PSGnet/OU=Engineering/CN=RGnet Root CA/emailAddress=randy@???
       i:/C=US/ST=Washingron/L=Bainbridge Island/O=RGnet/PSGnet/OU=Engineering/CN=RGnet Root CA/emailAddress=randy@???
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIEpzCCBBCgAwIBAgICAKQwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAlVT
    MRMwEQYDVQQIEwpXYXNoaW5ncm9uMRowGAYDVQQHExFCYWluYnJpZGdlIElzbGFu
    ZDEVMBMGA1UEChMMUkduZXQvUFNHbmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEW
    MBQGA1UEAxMNUkduZXQgUm9vdCBDQTEcMBoGCSqGSIb3DQEJARYNcmFuZHlAcHNn
    LmNvbTAeFw0xMDA2MTkxNzExNTRaFw0xMTA2MTkxNzExNTRaMIGOMQswCQYDVQQG
    EwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxEzARBgNVBAoTClJH
    bmV0LCBMTEMxGzAZBgNVBAsTElBTR25ldCBFbmdpbmVlcmluZzEQMA4GA1UEAxMH
    cHNnLmNvbTEcMBoGCSqGSIb3DQEJARYNcmFuZHlAcHNnLmNvbTCCASIwDQYJKoZI
    hvcNAQEBBQADggEPADCCAQoCggEBAMIJuJR410eubOy2CQ+tvIukjXZq/jJxMsGi
    tB5o1Kt2WXeSEeIYd3p8Ybm58SoWtSt6B5PSx9zDgj4gO6sfleVwNKLB0CeKKtQ3
    OVhXDlD/T6oj7xiWy4t5bRwgI9O47NcPt4hpNqJeOw6bBAuOJrFFUAYgxSsbWHMv
    8zUXBIBC8k5Tk8c312QwQ5ePSfbACcdVid9HLXp64uWeJ+DtSu9XfA5fG7Bxvx/i
    M/EpBdIuSpMpgrZY4oyJ9RgR3+QLgJoj0TNk797Rr61vlzCv308FPayJd159Xn/A
    +2xP9VbfmE4oay5Vov5t4z9VgPFmgmKuhCJqUlHhHYGeSzTAOocCAwEAAaOCAXkw
    ggF1MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgbAMB0GA1UdDgQWBBRnsIqt
    3wiKG+vmd3CxfBL4c82sgDCBzgYDVR0jBIHGMIHDgBRUmkatFo7oAUl5SJqUCfAC
    0LpkgKGBp6SBpDCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmdyb24x
    GjAYBgNVBAcTEUJhaW5icmlkZ2UgSXNsYW5kMRUwEwYDVQQKEwxSR25ldC9QU0du
    ZXQxFDASBgNVBAsTC0VuZ2luZWVyaW5nMRYwFAYDVQQDEw1SR25ldCBSb290IENB
    MRwwGgYJKoZIhvcNAQkBFg1yYW5keUBwc2cuY29tggEAMB0GA1UdJQQWMBQGCCsG
    AQUFBwMBBggrBgEFBQcDAjBGBgNVHREEPzA9ggdwc2cuY29tggt3d3cucHNnLmNv
    bYIMbWFpbC5wc2cuY29tgglib2d1cy5jb22CDG9wcy5pZXRmLm9yZzANBgkqhkiG
    9w0BAQUFAAOBgQCxc96FWriyYk8m7iM1aFBHD2yteM8bu+qJNu/2lDu2wVwWaKIM
    OMJ7d0q38tFtY+ZmXXdygeRsVYmbO4u/k3rj4xxO90hThoxqAdBMiJzn14+iamED
    rS3at0wt99RF0ktI1Y703YRuyHWPYQLnOSq70JxwY4FQz5qnHyAc4MhbXw==
    -----END CERTIFICATE-----
    subject=/C=US/ST=WA/L=Seattle/O=RGnet, LLC/OU=PSGnet Engineering/CN=psg.com/emailAddress=randy@???
    issuer=/C=US/ST=Washingron/L=Bainbridge Island/O=RGnet/PSGnet/OU=Engineering/CN=RGnet Root CA/emailAddress=randy@???
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 2112 bytes and written 453 bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES256-SHA
    Server public key is 2048 bit
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 30FFC0261E0316D8BEE91E2A7109B291604A666F1F4EC7C84AD7562C48C521BA
    Session-ID-ctx: 
    Master-Key: 6927A3B8D0D26CF48BF8971063D2F83AE7D1830773C16E07B89A40957890708BA0B77EDE01F3B148E614305034BB27D4
    Key-Arg   : None
    Start Time: 1277070371
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
    ---
    220 psg.com ESMTP Exim 4.72 Sun, 20 Jun 2010 21:46:11 +0000
    EHLO rmac.psg.com
    250-psg.com Hello rmac.psg.com [71.237.195.26]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-AUTH PLAIN LOGIN
    250 HELP
    MAIL FROM:<randy@???>
    250 OK
    RCPT TO:<randy@???>
    RENEGOTIATING
    DATA
    503 valid RCPT command must precede DATA
    QUIT
    DONE


but the same happens on a server which works.

and configuring for STARTTLS is the same story.

openssl server side change in algorithm?

randy