* on the Fri, Jun 14, 2013 at 10:20:06AM -0300, Reinaldo Matukuma wrote:
> I had a situation today where i need that exim act as client on
> office365 server with authentication. So, i have configured two
> authenticators (one for PLAIN and other for LOGIN) that will be sent
> after TLS.
>
> The problem that i found is that the office365 server isn't doing the
> correct announce of AUTH mechanisms....
>
> Running exim in debug mode i saw this:
> SMTP<< 250-pod51028.outlook.com Hello [189.74.52.32]
> 250-SIZE 36700160
> 250-PIPELINING
> 250-DSN
> 250-ENHANCEDSTATUSCODES
> 250-STARTTLS
> 250-AUTH
> 250-8BITMIME
> 250-BINARYMIME
> 250 CHUNKING
>
> They are announcing only that has auth capability, right?
The above is the output of the EHLO command *before* encryption. If
you negotiate TLS and re-issue EHLO (in the same manner that your
email client would), then the auth command correctly lists "LOGIN"
capability:
mike@alfa:~$ openssl s_client -quiet -crlf -connect 207.46.4.237:25 -starttls smtp
depth=2 CN = Microsoft Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
250 CHUNKING
EHLO foo
250-pod51028.outlook.com Hello [178.79.145.246]
250-SIZE 36700160
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN
250-8BITMIME
250-BINARYMIME
250 CHUNKING
Microsofts server is basically saying that they don't allow auth over
unencrypted connections, but do allow LOGIN auth over encrypted
connections. This is normal and common behaviour.
--
Mike Cardwell https://grepular.com/ http://cardwellit.com/
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
