On Tue, May 29, 2012 at 06:45:52PM +0900, Norbert Preining wrote: > On Di, 29 Mai 2012, Marc Haber wrote: > > > I have found various suggestions, like adding the Debian-exim user > > > to the group shadow, > > > > Where is this dangerous suggestion written? > > http://vk6hgr.echidna.id.au/blog/?p=184
The author of this blog entry has not read the documentation. Adding Debian-exim to the shadow group is the most insecure way to get authentication (as a server) to work. It has nothing to do with TLS at all. You might want to revert that change on your system as you are exposing all your password hashes to an attacker. > * openssl > $ openssl s_client -connect smtp.jaist.ac.jp:587CONNECTED(00000003) That will not work. You need to use STARTTLS, -starttls smtp > $ gnutls-cli -s -p 587 smtp.jaist.ac.jp > Processed 0 CA certificate(s). > Resolving 'smtp.jaist.ac.jp'... > Connecting to '150.65.19.12:587'... > > - Simple Client Mode: > > 220 jaist.ac.jp ESMTP mail service ready > EHLO mithrandir > (nothing ... pressing Ctrl-D) The server stalls at this point before even switching to TLS. This is a problem of the remote side that I can see from here as well. You should report this to the operators of the server, it is broken. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 31958061 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
