Re: [exim] How to debug an encrypted smtp auth connection?

Top Page
Delete this message
Reply to this message
Author: Marc MERLIN
Date:  
To: Jeremy Harris
CC: exim-users
New-Topics: [exim] Debian9/exim4.89 does TLS and SMTP AUTH with gmail, but Debian10/exim4.92 doesn't?
Subject: Re: [exim] How to debug an encrypted smtp auth connection?
On Fri, Sep 11, 2020 at 09:19:02AM +0100, Jeremy Harris via Exim-users wrote:
> On 11/09/2020 03:02, Marc MERLIN via Exim-users wrote:
> > If I run exim -d+all my-email@??? , I'd like to see the entire
> > SMTP connection decrypted.
> > However, it is not shown.
>
> The authentication info is such an obvious security hole
> that the data is deliberately overwritten, in the client,
> with the asterisks you see.
>
> The server can log it, with a few acrobatics. I do:


Ok, that's a problem because the server is gmail and I don't have access
to it.

> You do realise that this data is encoded (*not* encrypted) I hope.
> Human eyes still won't like it without further processing.


Yes, I do.
My problem is that I have 2 clients configured the same way, but a
different version of debian and exim (and maybe something else I haven't
seen).
One can connect and do smtp auth perfectly
The other one cannot and gets rejected by gmail for auth fail

exim d+all shows that /etc/exim4/passwd.client is read, and the (same)
password is found and looked up.
After that, I can't debug how it's being sent over encrypted smtp
and I really really wish the exim client on my side would show me the
entire smtp stream in debug mode.
I want to see a good smtp session and a bad one, compare them and see
what to fix from there.

Is there really no way for exim to show me the entire smtp session
without obfuscating it, which is pointless given that it just showed me
the unencrypted password on my screen with -d+all anyway?

I'll try to use strace if it's the only way, but that's not going to be
fun.

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.

Home page: http://marc.merlins.org/