Re: [exim] Problem with TLS connection

Author: Heiko Schlittermann
Date:  
To: <exim-users@exim.org>
Subject: Re: [exim] Problem with TLS connection
Hello Hill,

I did some tests:

    heiko@jumper:~$ swaks -tlsc -s mail.ruyter.co.uk -q EHLO -p 587
                              ^(*) note the trailing "s" here
    === Trying mail.ruyter.co.uk:587...
    === Connected to mail.ruyter.co.uk.
    === TLS started w/ cipher DHE-RSA-AES256-SHA
    === TLS peer subject DN="/CN=mail.ruyter.co.uk"
    <~  220 mail.ruyter.co.uk ESMTP Exim 4.71 Wed, 18 May 2011 22:11:02 +0100
     ~> EHLO jumper.schlittermann.de
    <~  250-mail.ruyter.co.uk Hello dslb-088-073-177-189.pools.arcor-ip.net [88.73.177.189]
    <~  250-SIZE 52428800
    <~  250-PIPELINING
    <~  250-AUTH PLAIN LOGIN
    <~  250 HELP
     ~> QUIT
    <~  221 mail.ruyter.co.uk closing connection
    === Connection closed with remote host.


About the same using:

    heiko@jumper:~$ openssl s_client -connect mail.ruyter.co.uk:587
    …
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : DHE-RSA-AES256-SHA
        Session-ID: 0614607DD7763A213868095FD0D8E6B0D099E2189140BDB6A510E6EE9A3C59B9
        Session-ID-ctx: 
        Master-Key: 05D5A6D3A166ADC90B3CCBC7C48F5B4D3B45D7CD6E1074B3B4AE1592735DF757C4CE416DB1768D6C332B74B36F876EA0
        Key-Arg   : None
        Start Time: 1305752845
        Timeout   : 300 (sec)
        Verify return code: 21 (unable to verify the first certificate)
    ---
    220 mail.ruyter.co.uk ESMTP Exim 4.71 Wed, 18 May 2011 22:13:36 +0100



It seems that you configured your Exim to use tls_on_connect on port
587; that's what most clients do not expect.

    Port  25:    SMTP with or without STLS
    Port 465:    SMTPS
    Port 587:    SMTP with or without STLS
                 (should be used for mail submission)


Just check your Exim configuration, the tls_on_connect_ports option
should not be used, at least not for port 25 or port 587, except you
have good reasons to do so. If you're not sure if you found the right
config:

    exim -bV


should tell you the location of the config file.

    exim -bP tls_on_connect_ports


should tell you the current setting as Exim reads it from the
configuration file.

That your LAN clients are not affected may be a result of miraculous auto
problem resolving features of your clients (notably Outlook). Clients
outside your network are probably handicapped by firewalls or similar
beasts.

If you successfully changed the mentioned option, the above shown
swaks command should work in a slightly modified form:

    swaks -tls -s mail.ruyter.co.uk -q EHLO -p 587
              ^(*) - note the missing "s" here


--
Heiko :: dresden : linux : SCHLITTERMANN.de
GPG Key 48D0359B : 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B
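The diagnosis in this message rests on two observations: a server configured with tls_on_connect sends no SMTP banner until the client starts a TLS handshake, and the EHLO reply seen inside that TLS session does not advertise STARTTLS. The following script is an added example, not code from the thread or from the Exim project; it encodes the port table from the message, parses the EHLO capability lines quoted above (embedded here as constructed sample input), and classifies what a server sends first on a plain TCP connect. The live `probe()` function, the host name and the timeout value are assumptions for illustration and need network access; everything else runs offline.

```python
"""Check which TLS mode an SMTP port offers and parse EHLO capabilities.

Added example for the exim-users thread; not Exim's or swaks' own code.
"""
import socket
import ssl
import sys

# Expected transport per port, as the message's table states: on 25 and
# 587 a plaintext 220 banner comes first (STARTTLS is optional after EHLO),
# on 465 the TLS handshake comes before any SMTP traffic.
EXPECTED_TRANSPORT = {
    25: "plaintext-banner",
    465: "implicit-tls",
    587: "plaintext-banner",
}

# Constructed sample: the EHLO reply quoted in the message, as captured
# inside the TLS session that swaks -tlsc established.
EHLO_REPLY = (
    "250-mail.ruyter.co.uk Hello dslb-088-073-177-189.pools.arcor-ip.net [88.73.177.189]\r\n"
    "250-SIZE 52428800\r\n"
    "250-PIPELINING\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 HELP\r\n"
)


def parse_ehlo(reply: str) -> dict:
    """Parse a multi-line EHLO reply into {KEYWORD: [parameters]}.

    Lines look like '250-SIZE 52428800' (more to follow) or '250 HELP'
    (last line). The first line is the greeting and carries no keyword.
    """
    caps = {}
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        if not line.startswith("250") or len(line) < 4:
            raise ValueError(f"unexpected EHLO line: {line!r}")
        body = line[4:]  # drop '250-' or '250 '
        if i == 0:
            continue  # greeting: '250-mail.example Hello host [ip]'
        keyword, _, params = body.partition(" ")
        caps[keyword.upper()] = params.split()
    return caps


def classify_first_bytes(data: bytes) -> str:
    """Classify what the server sent first after a plain TCP connect.

    - a '220' banner: plaintext SMTP, STARTTLS may be offered after EHLO
    - nothing at all: the server waits for a TLS ClientHello, which is
      exactly what Exim's tls_on_connect_ports produces
    - a TLS record (content type 0x15 alert / 0x16 handshake): the server
      answered in TLS, so this is implicit TLS as well
    """
    if not data:
        return "implicit-tls"
    if data.startswith(b"220"):
        return "plaintext-banner"
    if data[0] in (0x15, 0x16):
        return "implicit-tls"
    return "unknown"


def check_port(port: int, observed: str):
    """Return None if the observed transport matches the port table,
    otherwise a human-readable mismatch description."""
    expected = EXPECTED_TRANSPORT.get(port)
    if expected is None:
        return f"port {port}: no expectation defined"
    if observed != expected:
        return (f"port {port}: observed {observed}, expected {expected} "
                f"(check tls_on_connect_ports in the Exim configuration)")
    return None


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Live probe (assumed helper, needs network): connect without TLS,
    wait for a banner, then confirm implicit TLS by handshaking."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            first = sock.recv(512)
        except socket.timeout:
            first = b""
    transport = classify_first_bytes(first)
    if transport == "implicit-tls":
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE  # diagnostic only: we classify transport, not trust
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                if not tls.recv(512).startswith(b"220"):
                    return "unknown"
    return transport


if __name__ == "__main__":
    caps = parse_ehlo(EHLO_REPLY)
    print("capabilities:", caps, "STARTTLS advertised:", "STARTTLS" in caps)
    if len(sys.argv) == 3:  # usage: script.py mail.example.invalid 587
        port = int(sys.argv[2])
        seen = probe(sys.argv[1], port)
        print("observed:", seen, "->", check_port(port, seen) or "ok")
```

Run without arguments to see the parsed capability list from the quoted reply; with a host and port it performs the plain-connect probe and reports whether the port behaves as the table expects. A missing STARTTLS keyword in an EHLO reply captured inside an implicit TLS session is normal, so the transport classification, not the capability list, is what identifies a tls_on_connect port.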