On 14/03/2020 22:55, Leonardo Boselli via Exim-users wrote:
> On a new machine -debian 9- i have installed exim4,
> it work except that trybg to connect from a mobile i get this result:
> *this on port 465, 587 and 25, aster stattls do the same)
>
> <<250 HELP
>>> ehlo hostmaster.*.it
> <<250-w Hello hostmaster.*.it [2001:*:*:*::33]
> <<250-SIZE 52428800
> <<250-8BITMIME
> <<250-PIPELINING
> <<250-PRDR
> <<250 HELP
>>> AUTH LOGIN
> <<503 AUTH command used when not advertised
Normally 465 will behave differently to 25 & 587 for
this. Because the LOGIN method of authentication uses
plaintext on the channel for information you'd rather
keep secret, you want to only use it on an encrypted channel.
That's fine for (the usual use of) 465, which is set up to
do TLS-on-connect. So the server, on a 465 TCP connection,
should do (and expect the client to do) TLS immediately -
and then advertise the methods for AUTH. But 25 and 587
traditionally do STARTTLS to get the encryption going
on a previously cleartext SMTP channel - so the server
does not (before the STARTTLS negotiation) advertise
these AUTH methods - and the client should not attempt to
use them, but should do STARTTLS first (assuming the
server offers it) and see what the server then offers.
Your debug output doesn't tell us which port you were using
at the time, nor what was done on the connection previously.
Have a look at the docs for the exim command-line for getting
more detail in debug output.
Have a look at the main-section configuration for the
TLS configuration, and how it is made port-dependent.
Have a look at the "smtp authentication" chapter to see
how the advertising of authentication methods is controlled.
Docs at:
http://exim.org/exim-html-current/doc/html/spec_html/
Now, having said all that - Debian provide a configurator for
the Exim they ship. You should probably re-run it, if you were
using it, as the first step. Think carefully about all of the
questions it asks.
--
Cheers,
Jeremy
