Pkg exim4 users - Nov 2006 - smth auth client with exchange server

Hello, folks!

I have to use a m$ exchange smarthost for my exim servers (sic!) and I
need exim to do smtp auth (as client) for this. /etc/exim4/passwd.client
lists the proper credentials. Because the DNS A record and PTR record
differ, I''ve copied the line and changed the server name on the copied
line to the PTR correspondent hostname. Both hostnames as DCsmarthost do
not work. This error message appears in mainlog:

2006-11-27 11:22:07 1GodcX-0003i2-RO ** test@web.de R=smarthost
T=remote_smtp_smarthost: SMTP error from remote mailer afte
r RCPT TO:<test@web.de>: host mail.enterprise.de [10.10.10.2]: 550 5.7.1
Unable to relay for test@web.de

Where mail.enterpise.de is my smarthost and test@web.de is a remote mail
address. A test with Thunderbird as client with the same credentials
work perfectly.  My guess is, that the TLS and AUTH handshakes do not
work properly. Do you have a clue how to get this working?

TIA!
Wolfgang Kohnen



ps: I''ve tried to set tls_tempfail_tryclear = true -- with the same
result.

On Mon, Nov 27, 2006 at 09:54:31PM +0100, Wolfgang Kohnen
wrote:
> I have to use a m$ exchange smarthost for my exim servers (sic!) and I
> need exim to do smtp auth (as client) for this. /etc/exim4/passwd.client
> lists the proper credentials. Because the DNS A record and PTR record
> differ, I''ve copied the line and changed the server name on the
copied
> line to the PTR correspondent hostname.
Does your exchange offer STARTTLS? If not, is your exim permitted to
use unencrpyted passwords?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

Hello Marc!

Marc Haber schrieb:
> Does your exchange offer STARTTLS? If not, is your exim permitted to
> use unencrpyted passwords?
>   
I''ve telnetted exchange and typed in the command "ehlo
localhost". The
answer was:

250-mail.enterprise.de Hello [82.83.60.124]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK

When I type in "help", exchange answeres this:

214-This server supports the following commands:
214 HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ETRN BDAT
VRFY

I''ve done some tests with Thunderbird (all with authentication
enabled):

without encryption: relay works
with TLS: error message STARTTLS is not offered in conjunction with EHLO
with TLS, if available: relay works
with SSL, but port 25: service not available or connection refused
(tcpdump says, there were a few packages)

Apparently it works w/o encryption but not w/ encryption?

By the way: I don''t like exchange very much. :-)


Ideas?
Wollie

On Fri, Dec 01, 2006 at 09:11:37PM +0100, Wolfgang Kohnen
wrote:
> Marc Haber schrieb:
> > Does your exchange offer STARTTLS? If not, is your exim permitted to
> > use unencrpyted passwords?
> >   
> 
> I''ve telnetted exchange and typed in the command "ehlo
localhost". The
> answer was:
> 250-mail.enterprise.de Hello [82.83.60.124]
Does Enterprise Autovermietung GmbH allow you to use their domain name?

<greeting, not offering STARTTLS, deleted>
> without encryption: relay works
> with TLS: error message STARTTLS is not offered in conjunction with EHLO
> with TLS, if available: relay works
> with SSL, but port 25: service not available or connection refused
> (tcpdump says, there were a few packages)
> 
> Apparently it works w/o encryption but not w/ encryption?
See
http://pkg-exim4.alioth.debian.org/README/README.Debian.html#smtp-auth,
Chapter 2.3.1, second paragraph.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

Hello Wolfgang,

Wolfgang Kohnen, 01.12.2006 (d.m.y):
> Marc Haber schrieb:
> > Does your exchange offer STARTTLS? If not, is your exim permitted to
> > use unencrpyted passwords?
> >   
> 
> I''ve telnetted exchange and typed in the command "ehlo
localhost". The
> answer was:
> 
> 250-mail.enterprise.de Hello [82.83.60.124]
> 250-TURN
> 250-SIZE
> 250-ETRN
> 250-PIPELINING
> 250-DSN
> 250-ENHANCEDSTATUSCODES
> 250-8bitmime
> 250-BINARYMIME
> 250-CHUNKING
> 250-VRFY
> 250-X-EXPS GSSAPI NTLM LOGIN
> 250-X-EXPS=LOGIN
> 250-AUTH GSSAPI NTLM LOGIN
> 250-AUTH=LOGIN
> 250-X-LINK2STATE
> 250-XEXCH50
> 250 OK
> 
> When I type in "help", exchange answeres this:
> 
> 214-This server supports the following commands:
> 214 HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ETRN BDAT
> VRFY
Strange thing: At least STARTTLS is missing in what Exchange answered
to your EHLO...
> I''ve done some tests with Thunderbird (all with authentication
enabled):
> 
> without encryption: relay works
> with TLS: error message STARTTLS is not offered in conjunction with EHLO
See above: The other server doesn''t offer STARTTLS.
> with TLS, if available: relay works
...but most probably without encryption.
> with SSL, but port 25: service not available or connection refused
> (tcpdump says, there were a few packages)
See above.
> Apparently it works w/o encryption but not w/ encryption?
...as np STARTTLS is offered.
> By the way: I don''t like exchange very much. :-)
I think, you''re not the only one...

Gruss/Regards,
Christian Schmidt

-- 
Was auch immer, du mich auch.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/pkg-exim4-users/attachments/20061202/06fe72a9/attachment.pgp