Re: [exim] exim doing client auth on office365 smtp

Góra strony
Delete this message
Reply to this message
Autor: Mike Cardwell
Data:  
Dla: exim-users
Temat: Re: [exim] exim doing client auth on office365 smtp
* on the Fri, Jun 14, 2013 at 10:20:06AM -0300, Reinaldo Matukuma wrote:

> I had a situation today where i need that exim act as client on
> office365 server with authentication. So, i have configured two
> authenticators (one for PLAIN and other for LOGIN) that will be sent
> after TLS.
>
> The problem that i found is that the office365 server isn't doing the
> correct announce of AUTH mechanisms....
>
> Running exim in debug mode i saw this:
>   SMTP<< 250-pod51028.outlook.com Hello [189.74.52.32]
>         250-SIZE 36700160
>         250-PIPELINING
>         250-DSN
>         250-ENHANCEDSTATUSCODES
>         250-STARTTLS
>         250-AUTH
>         250-8BITMIME
>         250-BINARYMIME
>         250 CHUNKING

>
> They are announcing only that has auth capability, right?


The above is the output of the EHLO command *before* encryption. If
you negotiate TLS and re-issue EHLO (in the same manner that your
email client would), then the auth command correctly lists "LOGIN"
capability:

mike@alfa:~$ openssl s_client -quiet -crlf -connect 207.46.4.237:25 -starttls smtp
depth=2 CN = Microsoft Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
250 CHUNKING
EHLO foo
250-pod51028.outlook.com Hello [178.79.145.246]
250-SIZE 36700160
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN
250-8BITMIME
250-BINARYMIME
250 CHUNKING

Microsofts server is basically saying that they don't allow auth over
unencrypted connections, but do allow LOGIN auth over encrypted
connections. This is normal and common behaviour.

-- 
Mike Cardwell  https://grepular.com/     http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3  B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1  BF1B 295C 3C78 3EF1 46B4