[exim] Apple + Outlook - Exim on 587 does not work - Solutio…

Top Page

Reply to this message
Author: Mark Elkins
Date:  
To: exim-users
Subject: [exim] Apple + Outlook - Exim on 587 does not work - Solutions
Apple Maacbook running Microsoft Outlook can not connect to my exim
based mail relay system using port 587, authentication and TLS.

I've always had this problem, it just affects very few people....

A customer just asked again:-

> I am in the process of migrating to my Macbook – finally. We discussed

this last year and I had an issue, for which I would like to find out
whether there is a resolution.

 > The issue concerns my e-mail settings. The incoming mail works
perfectly, however the issue is with outgoing mail. If I set a fixed
SMTP setting (e.g. smtp.dsl.telkomsa.net) then there is no problem,
however this is not a workable solution as I travel extensively and thus
use relay.vweb.co.za. I cannot get this to work with my Macbook and MS
Outlook as there is no setting for TLS encryption in MS Outlook for Mac.
(believe you me, I have looked extensively).

> Have you encountered this problem recently and, more importantly, do

you have a suggestion for a workaround for me?

So, to reiterate - the mail server "relay.vweb.co.za" using Gentoo Linux
and running exim (Exim version 4.89 #1 built 05-Oct-2017 13:48:15)

Users are stored in a MySQL Database. The machine doesn't deal with any
local e-mail accounts (that users then "POP3/IMAP") - it only should
accept e-mail to relay onwards from my customers. I use a real "Let's
Encrypt" certificate. I'm wondering if there is a solution using port
465 - like gmail.com uses?
It works (perfectly?) for any other client mail sending system with
587/Authentication/TLS-STARTTLS. I use DNSSEC and there is a DANE (TLSA)
record in the DNS. I run local virus scanning - etc - so outgoing email
from my clients should be reasonably clean.

Other bits that may be relevant...

tls_certificate = /etc/exim/relay.vweb.co.za.cert
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465

begin acl
acl_check_rcpt:

  accept  authenticated = *
          control       = submission/sender_retain

(transport - I use outbound DNSSEC/DANE :-)
remote_smtp:
  driver = smtp
  dnssec_request_domains = *
  hosts_try_dane = *
  return_path = ${address:$reply_address}

(authenticators)
PLAIN:
  driver                     = plaintext
  public_name = PLAIN
  server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}

  server_prompts             = :

  server_condition = "${if and { \
                      {!eq{$auth2}{}} \
                      {!eq{$auth3}{}} \
                      {crypteq{$auth3}{${lookup mysql{SELECT
encryptedpassword  FROM admin WHERE user='${quote_mysql:$auth2}' and
status>2 and usertype='m' and smtpauth='y' }{$value}fail}} }} {yes}{no}}"
  server_set_id              = $auth2

status>2 - the user is in good standing
usertype='m' = this is an e-mail user
smtpauth='y' = this user is allowed to use the mail relay system

-- 
Mark James ELKINS  -  Posix Systems - (South) Africa
mje@???       Tel: +27.128070590  Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za