Re: [exim] Exim4 + fixed_cram

Top Page
Delete this message
Reply to this message
Author: Wolfgang Breyha
Date:  
To: exim-users@exim.org
Subject: Re: [exim] Exim4 + fixed_cram
On 22/01/14 15:09, basti wrote:
> Ok, thanks for that tip.
> Now a Test connection looks like:
>
> telnet myserver.de 25
> Trying 1.1.1.1...
> Connected to unix-solution.de.
> Escape character is '^]'.
> 220 mail.myserver.de ESMTP Exim 4.80 Wed, 22 Jan 2014 14:39:54 +0100
> ehlo localhost
> 250-mail.myserver.de Hello p578a6f5e.dip0.t-ipconnect.de [1.1.1.2]
> 250-SIZE 209715200
> 250-8BITMIME
> 250-PIPELINING
> 250-STARTTLS
> 250 HELP
> quit
> 221 mail.myserver.de closing connection
> Connection closed by foreign host.
>
> did this mean that fist of all the connection is encrypt by starttls?


A client usually uses STARTTLS first and issues another EHLO to get new or
changed capabilities. Then he sees the AUTH. You can check that with
"openssl s_client -starttls smtp ...", swaks
(http://www.jetmore.org/john/code/swaks/) or smtptest from cyrus-imapd.

> next I have try md5-cram and get the following error:
> (received and digest are anonymised)


Sorry, can't help with that. I used CRAM/DIGEST-MD5 with SASL only some
years ago. I've no experience with your kind of setup.

Personally I wouldn't use both for new installations. LOGIN/PLAIN after
STARTTLS is just fine.

Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> | http://www.blafasel.at/
Vienna University Computer Center | Austria