Hi Andreas,
thanks for your help.
On Di, 29 Mai 2012, Andreas Metzler wrote:
> 587 uses starttls, you'll need to talk to 465 to give abovementioned
> openssl test a chance to succeed.
Ok, after adding the necessary GLobalSign to the accepted CA certificates
I can talk to the server via openssl and gnutls-cli on port 465.
I could even send an actual email by typing in all the commands
including authentication etc using gnutl-cli:
> gnutls-cli --priority=NORMAL:%COMPAT:-VERS-TLS1.1:-VERS-TLS1.2 \
> smtp.jaist.ac.jp -p 465
Here is a transcript:
$ gnutls-cli --priority=NORMAL:%COMPAT:-VERS-TLS1.1:-VERS-TLS1.2
smtp.jaist.ac.jp -p 465
Processed 7 CA certificate(s).
Resolving 'smtp.jaist.ac.jp'...
Connecting to '150.65.19.12:465'...
- Peer's certificate is trusted
- The hostname in the certificate matches 'smtp.jaist.ac.jp'.
....
220 mailrelayi.jaist.ac.jp ESMTP
EHLO mithrandir
250-mailrelayi.jaist.ac.jp
250-8BITMIME
250-SIZE 104857600
250-AUTH PLAIN LOGIN
250 AUTH=PLAIN LOGIN
AUTH LOGIN
334 VXNlcm5hbWU6
.....some....string
334 UGFzc3dvcmQ6
.....some...string
235 #2.0.0 OK Authenticated
MAIL FROM:<prein...@logic.at>
250 sender <prein...@logic.at> ok
RCPT TO:<prein...@debian.org>
250 recipient <prein...@debian.org> ok
DATA
354 go ahead
From: "Norbert Preining" <prein...@logic.at>
To: "Norbert Preining" <prein...@debian.org>
Subject: Hello WOrld
See you soon
.
250 ok: Message 117646959 accepted
QUIT
221 mailrelayi.jaist.ac.jp
*** Fatal error: The TLS connection was non-properly terminated.
*** Server has terminated the connection abnormally.
$
But interestingly the mail was properly delivered, so no problem on
this side.
The only hickup was that at then end
> connect if the SSL/settings are modified (for 4.77
> gnutls_require_protocols and gnutls_compat_mode, for 4.80 (in
> experimental) simply set tls_require_ciphers to the abovementioned
> priority string.)
Now I tried to convince exim to do the same, but without success.
According to your remarks I set the foillowing variables in
/etc/exim4/conf.d/main/000_localmacros
DCsmarthost=smtp.jaist.ac.jp::465
gnutls_compat_mode=true
gnutls_require_protocols=NORMAL:%COMPAT:-VERS-TLS1.1:-VERS-TLS1.2
called update-exim4.conf and restarted exim. Unfortunately it did
not work out, I got:
2012-05-30 08:08:15 [11828] 1SZVOZ-0007rj-8Q SMTP timeout while connected to
smtp.jaist.ac.jp [150.65.19.12] after initial connection: Connection timed out
2012-05-30 08:08:15 [11825] 1SZVOZ-0007rj-8Q == prein...@logic.at R=smarthost
T=remote_smtp_smarthost defer (110): Connection timed out: SMTP timeout while
connected to smtp.jaist.ac.jp [150.65.19.12] after initial connection
which is at least a step forward ...
Any further ideas?
-----------------------------
One more thing: I want to complain to the tech staff here: can you
tell me what else, besides the fact that TLS1.1 and TLS1.2 are not
supported, I can tell them?
Thanks a lot and all the best
Norbert
------------------------------------------------------------------------
Norbert Preining preining@{jaist.ac.jp, logic.at, debian.org}
JAIST, Japan TeX Live & Debian Developer
DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
------------------------------------------------------------------------
VOBSTER (n.)
A strain of perfectly healthy rodent which develops cancer the moment
it enter a laboratory.
--- Douglas Adams, The Meaning of Liff
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
