On Wed, Nov 06, 2002 at 01:56:08AM -0500, ZZ wrote:
> When I do get this working, I'll put together a crude mini-howto thing,
> because this is really cool. It blows the minds of windows-types
> that I can read my mail over ssl-links via mozilla-mail, which is a
> very slick looking client. (but then I don't reply to my mail until
> they look the other way, because currently I have to ssh in to use
> mutt to reply.)

Well, here is how far I am currently on getting tls setup:

The relevant lines from my exim.conf:
----------------------------------------------------------------------
# open relay for authorized hosts
host_auth_accept_relay = *
# only allow auth over encrypted connections
auth_over_tls_hosts = *
# I prefer to display as little information as possible
auth_always_advertise = false
# I use this certificate also for cyrus.
# This certificate is signed with a CA certificate I created myself.
tls_certificate = /usr/local/ssl-certs/cert.pem
tls_privatekey = /usr/local/ssl-certs/key.pem
----------------------------------------------------------------------

I try to test this setup:

host:~# exim -bh some.foreign.ip.num

**** SMTP testing session as if from host some.foreign.ip.num
**** Not for real!

>>> host in host_lookup? yes (*)
>>> looking up host name for some.foreign.ip.num
>>> IP address lookup yielded some.foreign.hostname
>>> host in host_reject? no (option unset)
>>> host in host_reject_recipients? no (option unset)
>>> host in auth_hosts? no (option unset)
>>> host in auth_over_tls_hosts? yes (*)
>>> host in tls_hosts? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in receiver_unqualified_hosts? no (option unset)
>>> host in helo_verify? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
220 gate.home-in-the.net ESMTP Exim 3.35 #1 Thu, 07 Nov 2002 09:48:26
>>> +0100
AUTH PLAINTEXT
503 STARTTLS required before AUTH
STARTTLS
>>> host in tls_verify_hosts? no (option unset)
220 OpenSSL/0.9.6beta go ahead

I don't know how to do a tls handshake by hand so I Ctrl-C out.
Seems ok to me.

Mozilla complains 'unable to connect to SMTP Server. The Server might
be misconfigured or down'. If Mozilla tries to use smtps this makes
sense since I believe I only have exim listening on port 25.

Mulberry, configured to use STARTTLS - TLSv1 or STARTTLS - SSLv3, says
'String not found'.

Could somebody give me a hint what the problem could be, or how to
continue debugging?

Thanks in advance!

-- 
Vinai
Registered Linux User #280755, Debian GNU/Linux http://counter.li.org/
Secure eMail with gnupg http://www.gnupg.org/
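
Added example, not part of the original message: a Python script that carries the exchange past the point where the session above was interrupted, doing EHLO / STARTTLS / EHLO with smtplib and reporting whether AUTH is offered before and after TLS. The function names, the cafile argument (a PEM file for a self-made CA) and the sample feature sets are assumptions made for illustration.

```python
import smtplib
import ssl
import sys

# Constructed sample EHLO feature sets (smtplib esmtp_features form), not real output.
SAMPLE_CLEARTEXT = {"size": "", "pipelining": "", "starttls": ""}
SAMPLE_ENCRYPTED = {"size": "", "pipelining": "", "auth": " PLAIN LOGIN"}


def assess(before, after):
    """Compare EHLO features before/after STARTTLS; after=None means no TLS."""
    findings = []
    if "starttls" not in before:
        findings.append("STARTTLS not advertised on the cleartext connection")
    if "auth" in before:
        findings.append("AUTH advertised before TLS: " + before["auth"].strip())
    if after is None:
        findings.append("TLS handshake failed or was not attempted")
    elif "auth" not in after:
        findings.append("AUTH not advertised after TLS")
    return findings


def probe(host, port=25, cafile=None):
    """Run EHLO, STARTTLS, EHLO against host; return (findings, tls_version)."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: CA that signed the cert
    smtp = smtplib.SMTP(host, port, timeout=15)
    try:
        smtp.ehlo()
        before = dict(smtp.esmtp_features)
        if "starttls" not in before:
            return assess(before, None), None
        try:
            smtp.starttls(context=ctx)       # performs the TLS handshake
            version = smtp.sock.version()    # e.g. the negotiated protocol name
            smtp.ehlo()                      # features must be re-read after TLS
            after = dict(smtp.esmtp_features)
        except (ssl.SSLError, smtplib.SMTPException) as exc:
            return assess(before, None) + [f"error: {exc}"], None
        return assess(before, after), version
    finally:
        smtp.close()


if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: probe.py HOST [CAFILE]
        findings, tls = probe(sys.argv[1], cafile=sys.argv[2] if len(sys.argv) > 2 else None)
    else:
        findings, tls = assess(SAMPLE_CLEARTEXT, SAMPLE_ENCRYPTED), "n/a (constructed sample)"
    print("TLS:", tls)
    print("\n".join(findings) or "no findings: STARTTLS offered, AUTH only after TLS")
```

A certificate-verification failure shows up as an "error:" finding; passing the CA's PEM file as the second argument lets the handshake verify against it.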