----- Original Message ----- From: "Marc Haber" <[EMAIL PROTECTED]>
When I last looked, OE was not able to do STARTTLS and required
special configuration to allow smtp-over-tls on Port 465. Exim
requires special configuration to support this. How did you enable
smtp-over-tls?

I installed Debian, then followed these instructions:

http://pkg-exim4.alioth.debian.org/README/README.Debian.html#TLS

1. Generate the cert
2. set MAIN_TLS_ENABLE
3. edit /etc/exim4/exim4.conf.template to add a simple plaintext LOGIN 
authenticator with Outlook Express server prompt fix:
-----
fixed_login:
   driver = plaintext
   public_name = LOGIN
   server_prompts = Username:: : Password::
   server_condition = \
       ${if and {{eq{$auth1}{username}}{eq{$auth2}{password}}}}
   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
   .endif
-----

At this point (no SMTPLISTENEROPTIONS and tls_on_connect_ports)
Outlook Express clients from my network can connect and send messages over this 
server.
(If that matters, Outlook is on Windows XP SP2, outlook version 
6.0.2900.2180.xpsp_sp2_gdr.070227-2254)

Since yesterday many packages went into lenny, I'm not sure if Exim is
the real cause of this problem, maybe it could be gnutls, or something
other.

Where can I get exim 4.69-2 to test it again and see if it works?

You can try pulling an older package from snapshot.debian.net.

Many thanks, I successfully reverted all the exim packages to 4.69-2, but I had 
no luck, it doesn't work.
I then reverted libgnutls26 from 2.2.3~rc-1 to 2.2.2-1, but no luck again.

I would suggest a different debugging path though:

(1) verify whether your OE does STARTTLS or smtp-over-ssl
(2) try with a command line client (swaks, gnutls-cli, openssl s_client)
   whether your exim actually does what your OE expects it to do
(3) try with a command line server (gnutls-serv, openssl s_server)
   whether your OE is able to connect to the server. This might be a
   challenge to do with STARTTLS.

Disabling the client certificate request in exim configuration may be
worth a try, too.

Maybe I haven't explained myself well, sorry for that.
I said that my Outlook Express was doing TLS until Friday, when I left the 
office.
On Monday, I upgraded this system (let's call this system "vmdeb"), along with other things such installing apache, squirrelmail spamassassin, and now OE can't do TLS any more.

By the way:
To answer your (1), my OE _does_ STARTTLS (I snarfed it with Ethereal).

What's new is that I found another system, let's call it "realdeb", that was 
not upgraded.
I followed the 3 points above (gencert, MAIN_TLS_ENABLE, add plaintext login 
authenticator), and now OE/TLS works on "realdeb"!!!


What I would like to know is what is changed that now has broken the TLS setup.
If, for example, we find the package that is changed, looking at his changelog 
we can find out the problem
Do you know of any other possible package upgrade related to this issue between 
May 16 and May 19?
do you think that installing Apache, Squirrelmail and Spamassassin could have 
broken TLS?

Let me know if you need more informations/tests.


Greetings
Marc
Thanks,
Diego




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to