Re: [exim] How to debug an encrypted smtp auth connection?

Top Page
Delete this message
Reply to this message
Author: Andrew C Aitchison
Date:  
To: Marc MERLIN
CC: Jeremy Harris, exim-users
New-Topics: [exim] Debian9/exim4.89 does TLS and SMTP AUTH with gmail, but Debian10/exim4.92 doesn't?
Subject: Re: [exim] How to debug an encrypted smtp auth connection?
On Fri, 11 Sep 2020, Marc MERLIN via Exim-users wrote:

> My problem is that I have 2 clients configured the same way, but a
> different version of debian and exim (and maybe something else I haven't
> seen).
> One can connect and do smtp auth perfectly
> The other one cannot and gets rejected by gmail for auth fail


I understand that Debian enforces recent encryption options/ciphers.
If the problem machine is the "new" one it may refuse the tls
offered by gmail unless you fiddle with openssl.cf


> exim d+all shows that /etc/exim4/passwd.client is read, and the (same)
> password is found and looked up.
> After that, I can't debug how it's being sent over encrypted smtp
> and I really really wish the exim client on my side would show me the
> entire smtp stream in debug mode.
> I want to see a good smtp session and a bad one, compare them and see
> what to fix from there.
>
> Is there really no way for exim to show me the entire smtp session
> without obfuscating it, which is pointless given that it just showed me
> the unencrypted password on my screen with -d+all anyway?
>
> I'll try to use strace if it's the only way, but that's not going to be
> fun.


What error message are you getting ?

If the failure is at the tls handshake, does tcpdump
or relatives have anything useful to say ?

-- 
Andrew C. Aitchison                    Kendal, UK
             andrew@???