On Tue, Jun 17, 2003 at 01:17:38AM -0500, Will Trillich wrote:
| On Sun, Jun 15, 2003 at 10:42:45PM -0700, Vineet Kumar wrote:
| > What problems have you faced trying to get exim-tls up and
| > running? I can share my config if you need it.
|
| well, when i have the tls options enabled, eudora and outhouse
| excess both claim the server doesn't speak ssl/tls -- and
| sniffit shows only "EHLO <hostname>" and "QUIT" from the client,
| even tho telnetting in to port 25 (smtp) shows "STARTTLS" as an
| option.

That's, obviously!, a client bug. :-)

I recall reading something about Outhouse not supporting STARTTLS and
the "solution" is to run a TLS-always daemon on a separate port. Then
tell outhouse to use that other port instead. Kinda like HTTP vs. HTTPS
where it's an all-or-nothing deal (even though STARTTLS is a better
approach).

| (certificate and public key seem okay; i'm even able to grok the
| syntax to have an authenticator pull password fields out of a
| "htpasswd"-created file...)

That sounds good. May I suggest using exim or some other Debian tool to
verify that exim itself is working with TLS (and/or AUTH)? (the AUTH
PLAIN part is easy, using telnet)

| (not to mention what machinations i have to do to the windo~1
| client software to get it to grok tls correctly...)

This is where things get icky. But that's just M********. You're well
aware of that already, though. That's why I recommend using well-known
and well-documented (debian) tools to verify your exim config before
attempting to jump through hoops in Redmond.

BTW, I *think* I have exim working with TLS, but
    1) I am using exim 4, not 3.x
    2) I don't actually use it apart from testing way back when I
       configured it, so I don't remember if it is actually there or
       not.

If you want to experiment with it, you're welcome to. Just let me know
beforehand because, IIRC, I have STARTTLS only advertised to certain
clients.

HTH,
-D

-- 
Q: What is the difference between open-source and commercial software?
A: If you have a problem with commercial software you can call a phone
   number and they will tell you it might be solved in a future version.
   For open-source software there isn't a phone number to call, but you
   get the solution within a day.

http://dman.ddts.net/~dman/
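
The server-side check suggested in the message above can be scripted so that it does not depend on any Windows client. The following is an added example, not part of the original thread: it performs the EHLO / STARTTLS / EHLO exchange against your own server and reports whether STARTTLS is advertised, which TLS version and cipher were negotiated, and which AUTH mechanisms are offered once TLS is up. The names `probe`, `read_reply`, `ehlo_extensions` and `command`, the HELO name `probe.example` and the sample reply are assumptions made for the example.

```python
import socket
import ssl

# Constructed sample: an EHLO reply as it might be copied from a telnet session.
SAMPLE_EHLO = b"250-mail.example Hello\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 HELP\r\n"

def read_reply(stream):
    """Read one SMTP reply: '250-' continues a multi-line reply, '250 ' ends it."""
    texts = []
    while True:
        raw = stream.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        texts.append(line[4:])
        if line[3:4] != "-":
            return int(line[:3]), texts

def ehlo_extensions(texts):
    """Map EHLO keywords to parameter lists; texts[0] is the server's greeting."""
    pairs = (text.partition(" ") for text in texts[1:] if text)
    return {keyword.upper(): params.split() for keyword, _, params in pairs}

def command(sock, stream, line):
    sock.sendall(line.encode("ascii") + b"\r\n")
    return read_reply(stream)

def probe(host, port=25, helo="probe.example", cafile=None, timeout=10):
    """Report what a STARTTLS-capable client sees on a plain SMTP port."""
    report = {"advertised": False, "tls": None, "cipher": None, "auth": None}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        read_reply(stream)                                  # 220 greeting
        exts = ehlo_extensions(command(sock, stream, f"EHLO {helo}")[1])
        report["advertised"] = "STARTTLS" in exts
        if not report["advertised"]:
            return report
        code, _ = command(sock, stream, "STARTTLS")
        if code != 220:
            raise RuntimeError(f"STARTTLS refused with reply code {code}")
        ctx = ssl.create_default_context(cafile=cafile)     # certificate is verified
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            report["tls"], report["cipher"] = tls.version(), tls.cipher()[0]
            tstream = tls.makefile("rb")
            # The client must send EHLO again after the handshake; the list may differ.
            exts = ehlo_extensions(command(tls, tstream, f"EHLO {helo}")[1])
            report["auth"] = exts.get("AUTH")
            command(tls, tstream, "QUIT")
    return report
```

For a self-signed test certificate, pass its PEM file as `cafile` so verification stays on. If the server advertises STARTTLS only to certain hosts, run `probe` from one of those hosts and from another to compare the `advertised` field.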