peasthope@cablelan.net
2007-Apr-22 16:33 UTC
[Pkg-exim4-users] Re: configuring an SSL tunnel.
Marc,
mh> I do not understand what you mean here.
Only that exim4.readme.html, Section 2.1.4
gives the general picture. That is important
for someone trying to understand the
configuration process.
mh> SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
Now I've done the same, except that I am using
port 587. Port 465 is assigned to a Cisco
proprietary protocol. Google "site:cisco.com port 465".
mh> tls_on_connect_ports = 465
mh> in the main configuration.
I put "tls_on_connect_ports = 587" at the
beginning of the section entitled
"### main/03_exim4-config_tlsoptions".
Is that location feasible? (The .ifdefs
baffle me.)
mh> What does "does not work" mean?
A message could and can still be sent from the MUA
connected to the LAN where the machine running
exim resides. A message could not be sent through
a SSL tunnel initiated at the remote site.
Tuesday or Wednesday I'll try the tunnel with the
revisions described above. If it still fails,
I'll see whether /var/log/exim4/{mainlog, rejectlog}
tell anything useful. (Higher verbosity might be needed.)
Thanks, ... Peter
Desktops.OpenDoc http://carnot.pathology.ubc.ca/
On Sun, Apr 22, 2007 at 09:33:37AM -0700, peasthope@cablelan.net wrote:
> mh> I do not understand what you mean here.
>
> Only that exim4.readme.html, Section 2.1.4
> gives the general picture. That is important
> for someone trying to understand the
> configuration process.

Yes, and all information given earlier in the document is more important to general usage than this general picture is important to somebody trying to understand the configuration process.

> mh> SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
>
> Now I've done the same, except that I am using
> port 587. Port 465 is assigned to a Cisco
> proprietary protocol. Google "site:cisco.com port 465".

TCP/465 is roguely used by all Microsoft clients for SMTP-over-TLS with TLS on connect. The allocation to Cisco happened only a short time ago, Microsoft doesn't seem to care. otoh, everybody expects TCP/587 to be e-mail submission via (plain) SMTP with or without STARTTLS. Using SMTP-over-TLS with TLS on connect will be a surprise to people who know what they're doing.

> mh> tls_on_connect_ports = 465
> mh> in the main configuration.
>
> I put "tls_on_connect_ports = 587" at the
> beginning of the section entitled
> "### main/03_exim4-config_tlsoptions".

In which file? Are you using split or non-split config?

> mh> What does "does not work" mean?
>
> A message could and can still be sent from the MUA
> connected to the LAN where the machine running
> exim resides. A message could not be sent through
> a SSL tunnel initiated at the remote site.

What's the error message of the client, what are the log entries on the server?

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
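
The difference discussed in this thread, a port that speaks TLS on connect versus a port that greets in plain SMTP and offers STARTTLS, can be checked from the client side before looking at the server logs. The following is an added example, not code from the thread or from the Exim packaging; `probe_smtp_port` and `fake_listener` are hypothetical names, and the listener is a constructed stand-in for a mail server so the check runs offline.

```python
import socket
import threading

def _read_reply(sock):
    """Read one SMTP reply; its final line has a space after the code."""
    data = b""
    while True:
        chunk = sock.recv(1024)
        if not chunk:
            return data
        data += chunk
        if data.endswith(b"\r\n") and data.split(b"\r\n")[-2][3:4] == b" ":
            return data

def probe_smtp_port(host, port, timeout=1.0):
    """Return 'starttls', 'plain', 'tls-on-connect?' or 'unknown'."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            banner = _read_reply(s)
        except socket.timeout:
            # No greeting: the server waits for the client to speak first.
            return "tls-on-connect?"
        if not banner.startswith(b"220"):
            return "unknown"
        s.sendall(b"EHLO probe.example\r\n")
        lines = _read_reply(s).split(b"\r\n")
        s.sendall(b"QUIT\r\n")
    offers = any(l[4:].strip().upper() == b"STARTTLS" for l in lines)
    return "starttls" if offers else "plain"

def fake_listener(script):
    """Constructed stand-in server on 127.0.0.1; returns its port.
    script: replies to send in order; [] imitates a silent TLS-on-connect port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            for msg in script:
                conn.sendall(msg)
                conn.recv(1024)
            conn.recv(1024)  # hold the connection until the client closes
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    banner = b"220 mail.example ESMTP\r\n"  # constructed sample replies
    ehlo = b"250-mail.example\r\n250-STARTTLS\r\n250 HELP\r\n"
    print(probe_smtp_port("127.0.0.1", fake_listener([banner, ehlo])))
    print(probe_smtp_port("127.0.0.1", fake_listener([])))
```

A silent port is only consistent with TLS on connect, hence the question mark: a server that delays its greeting longer than the timeout looks the same, so raise `timeout` before drawing a conclusion.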