Hello,

by now I tried to activate Port 465 for SMTP-TLS Connections and tested that via telnet. I added these lines at the very beginning of my Main-Section of /etc/exim4/exim4.conf:

<<
MAIN_TLS_ENABLE = true
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
tls_on_connect_ports=465
>>

But Port 465 is still closed as this telnet session says:

<<
vitruvia:/etc/mailman# telnet localhost 465
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
>>

After having changed tls_on_connect_ports to =25, at least I got a connection that terminated itself (I suspect because the telnet failed to do a TLS-auth):

<<
vitruvia:/etc/mailman# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
>>

But I need port 465 for my friends using Windows...
What can I do to open port 465?

Thanks for your help.

Regards
Andreas

Phil Pennock wrote:
> On 2007-06-12 at 22:14 +0200, Andreas Kahl wrote:
>
>> accept hosts = +relay_from_hosts
>>
>> accept authenticated = *
>>
>> deny message = relay not permitted
>
> This is fine.
>
>>> You can get more diagnostics, running a debug Exim; this won't detach
>>> from the terminal, so you'll see what's going on. For instance:
>>>
>>> # exim -d+acl+auth -oX 26 -bd
>>>
>> I also did this (with Port 25). A copy of my console is attached in
>> exim-session.txt .
>
> This shows the problem. The client isn't authenticating.
>
>> 28267 SMTP>> 220 vitruvia.dyndns.org ESMTP Exim 4.63 Tue, 12 Jun 2007
>> 22:02:33 +0200
>> 28267 Process 28267 is ready for new message
>> 28267 smtp_setup_msg entered
>> 28267 SMTP<< XXXX Cirrus.local
>
> WTF is XXXX as an SMTP command?
> Ah, it appears to be what a Cisco firewall replaces unacceptable
> commands with.
>
> You've got a broken application-level firewall breaking your SMTP
> conversations.
>
> You could try using the "submission" port, 587, for submission of email.
> Or smtps on port 465 (SMTP with SSL-on-connect, instead of being
> negotiated). Submission is better, smtps might better survive the
> man-in-the-middle attack perpetrated by the malware pretending to be a
> firewall. I call it malware because it's actively preventing good
> security.
>
>> 28267 LOG: smtp_syntax_error MAIN
>> 28267 SMTP syntax error in "XXXX Cirrus.local"
>> H=p54997838.dip.t-dialin.net [84.153.120.56] unrecognized command
>> 28267 SMTP>> 500 unrecognized command
>> 28267 SMTP<< HELO Cirrus.local
>
> So here your client is saying HELO instead of EHLO, so isn't learning
> about the authentication options.
>
>> 28267 SMTP>> 250 vitruvia.dyndns.org Hello p54997838.dip.t-dialin.net
>> [84.153.120.56]
>> 28267 SMTP<< MAIL FROM:<[EMAIL PROTECTED]>
>> 28267 SMTP>> 250 OK
>
> Here you see your server responding to the HELO and then the client
> starting to send email; there's no authentication in-between.
>
>> 28267 SMTP<< RCPT TO:<[EMAIL PROTECTED]>
>> 28267 using ACL "acl_check_rcpt"
> [...]
>> 28267 processing "accept"
>> 28267 check authenticated = *
>> 28267 accept: condition test failed
>
> And so the "have they authenticated?" test fails.
>
> -Phil
>

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
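
The checks made by eye on the quoted debug output, as an added example that is not part of the original thread: a Python script that scans the `SMTP<<` / `SMTP>>` lines of `exim -d` output per process id and flags a masked command verb, a HELO-only greeting, and MAIL sent without a preceding 235 reply. The function name and finding labels are assumptions made for illustration; the sample is the SMTP dialogue from the quoted log with wrapped lines rejoined.

```python
import re

# Sample input: SMTP dialogue lines from the debug output quoted in the thread
# (wrapped lines rejoined; addresses left as redacted by the list archive).
SAMPLE = """\
28267 SMTP>> 220 vitruvia.dyndns.org ESMTP Exim 4.63 Tue, 12 Jun 2007 22:02:33 +0200
28267 SMTP<< XXXX Cirrus.local
28267 SMTP>> 500 unrecognized command
28267 SMTP<< HELO Cirrus.local
28267 SMTP>> 250 vitruvia.dyndns.org Hello p54997838.dip.t-dialin.net [84.153.120.56]
28267 SMTP<< MAIL FROM:<[EMAIL PROTECTED]>
28267 SMTP>> 250 OK
28267 SMTP<< RCPT TO:<[EMAIL PROTECTED]>
"""

# "<pid> SMTP<< text" is client -> server, "<pid> SMTP>> text" is server -> client.
LINE = re.compile(r"^(\d+) SMTP(<<|>>) (.*)$")


def diagnose(debug_text):
    """Return {pid: [findings]} for every SMTP session seen in the debug text."""
    sessions = {}
    for raw in debug_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ACL traces, LOG lines and other debug output
        pid, direction, text = m.groups()
        s = sessions.setdefault(pid, {"greeting": None, "auth": False, "findings": []})
        if direction == ">>":
            if text.startswith("235"):  # 235 = authentication succeeded
                s["auth"] = True
            continue
        verb = text.split(" ", 1)[0].upper()
        if re.fullmatch(r"X{4,}", verb):
            s["findings"].append("masked-command")  # verb overwritten in transit
        elif verb in ("HELO", "EHLO"):
            s["greeting"] = verb
        elif verb == "MAIL":
            if s["greeting"] == "HELO":
                s["findings"].append("helo-only")  # AUTH was never advertised
            if not s["auth"]:
                s["findings"].append("mail-without-auth")
    return {pid: s["findings"] for pid, s in sessions.items()}


if __name__ == "__main__":
    for pid, findings in diagnose(SAMPLE).items():
        print(pid, ", ".join(findings) or "no findings")
```
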
