Re: [exim] the great TLS mystery

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] the great TLS mystery
WJCarpenter wrote:
> In the course of troubleshooting why one of my users couldn't get his
> client configured the way we like it, I came across a mystery w/r/t TLS
> in Exim.
>
> My Exim is 4.71 as installed by Ubuntu Lucid Lynx (10.04) server (the
> "heavy" exim). I do not use any of the Debian/Ubuntu exim configuration
> stuff; I have my own from-scratch exim4.conf.
>
> My server is configured to advertise authentication only to localhost
> and TLS connections. (I can show those configs if it comes to that, but
> I don't think it's necessarily relevant.) After configuring his client
> for STARTTLS and an appropriate port, he was getting errors from
> Thunderbird that told me TB was a bit confused.
>
> I walked him through doing a telnet session to my SMTP port and doing
> "ehlo foo" to see what was advertised. Much to my surprise, he got this
> response:
>
> 250-my.server.name Hello his.dynamic.address.bellsouth.net
> [111.222.333.444]
> 250-SIZE 52428800
> 250-PIPELINING
> 250-AUTH PLAIN LOGIN
> 250-HELP
> 250 STARTTLS
>
> If I connect to the same port (remotely, also on a dynamically assigned
> ISP IP address), I get something different. I don't see the AUTH
> advertisement, and the other capabilities are reordered a bit. (BTW, he
> sent me a screen shot of his DOS box telnet session, so I don't have to
> trust him to have done the right things.) In other words, I see what I
> expect, but he sees something that I don't want to happen.
>
> I know what you are thinking ... something screwy with my
> auth_advertise_hosts macro or my server_advertise_condition. I spent a
> bunch of time staring at those before I happened to notice this in my
> log files: "SMTP command timeout on TLS connection from...." Every time
> he connected from his DOS telnet or from his Thunderbird and let the
> connection time out, the Exim log line indicates that the connection was
> using TLS. I have plenty of other command timeouts that are not TLS (my
> own tests, plus the usual door-knockers).
>
> So, my question is ... what could make Exim believe that a certain
> connection was using TLS when (as far as I can tell) it really was not?
>


This is on port 587? Or 25? Or ???

My suspicion is the end-user MUA and telnet will give different log entries,
even on the same port. If they ARE arriving on the same port...

Check the MUA settings w/r choice of:

SSL

SSL/TLS

TLS if available

... *and* the port chosen (default or manual change..).

More logging detail than default may be wanted.

HTH,

Bill
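The check both posters are circling is "what does this server advertise on the cleartext leg, and what does it advertise after STARTTLS?" The script below is an added example written for this thread, not code from the exim-users list or from the Exim project. It parses an EHLO reply (the sample embedded is the response quoted in the original post), compares the capability lists before and after the TLS upgrade using smtplib's real `ehlo()`, `esmtp_features`, `has_extn()` and `starttls()` calls, and flags AUTH appearing before encryption. It also covers Bill's "SSL vs SSL/TLS vs port" point: pass `implicit_tls=True` for a port-465 style implicit-TLS connection instead of STARTTLS. `host` and `port` are assumptions supplied by the caller; nothing here is specific to the poster's server.

```python
"""Audit which SMTP capabilities a server advertises before and after STARTTLS.

Added example, not from the exim-users thread. The poster expected AUTH to be
offered only on TLS connections, yet a plain telnet EHLO showed
"250-AUTH PLAIN LOGIN". This records the EHLO capability list on the cleartext
leg, upgrades with STARTTLS, re-sends EHLO (required after the upgrade), and
reports whether AUTH was exposed before encryption.
"""
import smtplib
import ssl
import sys

# Constructed sample: the EHLO response quoted in the original post.
SAMPLE_EHLO_RESPONSE = """250-my.server.name Hello his.dynamic.address.bellsouth.net [111.222.333.444]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250-HELP
250 STARTTLS
"""


def parse_ehlo_response(text):
    """Parse a raw multi-line EHLO reply into {KEYWORD: [params]}.

    The first line is the greeting ("250-host Hello ...") and is skipped;
    each following line is "250-KEYWORD params" or, last, "250 KEYWORD params".
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    caps = {}
    for line in lines[1:]:
        if not line.startswith("250"):
            continue
        parts = line[4:].split()  # drop "250-" or "250 "
        if parts:
            caps[parts[0].upper()] = parts[1:]
    return caps


def assess(cleartext_caps, tls_caps):
    """Compare capabilities before/after STARTTLS; return a list of findings."""
    findings = []
    if "STARTTLS" not in cleartext_caps:
        findings.append("STARTTLS not offered on cleartext leg")
    if "AUTH" in cleartext_caps:
        findings.append("AUTH advertised before TLS: " + " ".join(cleartext_caps["AUTH"]))
    if tls_caps is not None and "AUTH" not in tls_caps:
        findings.append("AUTH not advertised after TLS upgrade")
    return findings


def _features(conn):
    # smtplib lowercases feature names and stores params as one string.
    return {k.upper(): v.split() for k, v in conn.esmtp_features.items()}


def audit_server(host, port=587, implicit_tls=False, timeout=10):
    """Live check. Returns (cleartext_caps, post_tls_caps, findings).

    implicit_tls=True wraps the socket in TLS from the first byte (the MUA
    "SSL" choice, normally port 465); then there is no cleartext leg and the
    first EHLO is already encrypted, so it is reported as the post-TLS list.
    """
    ctx = ssl.create_default_context()
    if implicit_tls:
        with smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx) as s:
            s.ehlo()
            post = _features(s)
        return {"STARTTLS": []}, post, assess({"STARTTLS": []}, post)
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        pre = _features(s)
        post = None
        if s.has_extn("starttls"):
            s.starttls(context=ctx)
            s.ehlo()  # capabilities must be re-read after the upgrade
            post = _features(s)
    return pre, post, assess(pre, post)


if __name__ == "__main__":
    # Usage: python audit.py mail.example.test 587   (host/port are placeholders)
    if len(sys.argv) >= 2:
        pre, post, findings = audit_server(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 587)
        print("cleartext:", sorted(pre), "\nafter TLS:", sorted(post or {}), "\n", findings or "ok")
    else:
        print(assess(parse_ehlo_response(SAMPLE_EHLO_RESPONSE), None))
```

Run against the thread's quoted transcript, the offline path reports "AUTH advertised before TLS: PLAIN LOGIN", which is exactly the symptom described. Run live against a server that behaves as intended, the cleartext list should contain STARTTLS and no AUTH, and the post-upgrade list should contain AUTH.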