Jeff Wexler wrote:
> I have been googling for three days now to no avail.
>
Jeff,

'Most' of the 'LookOUT!' peccadilloes have either been fixed by MS or are very familiar here, and it just should not be a significant problem these days.

But I'm not convinced it is entirely a GNUTLS problem, either... and what you are reporting is rare enough that you may have simply gotten your own underwear caught in the machinery.

So - first, a few extra tests:

- try adding the no-longer-proper legacy port 465 as 'tls_on_connect', point Outlook at it seeking 'SSL' (only) and see if Outlook JFW with the same certs.

- try *temporarily* setting port 587 to 'tls_on_connect', over-riding Outlook to set for that port BUT 'SSL' (NOT TLS) and see if THAT works.

If neither of those work and the SSL/TLS errors persist, I'd suggest you 'park' the entirety of the old install off to the side on backup somewhere and try a clean install of Exim with as few non-stock options as possible. Likewise clean cert generation from a cold start, and with no frills.

Try the new install - THEN - if the problem persists, post your authenticators for us to have a look at as well as the SSL/TLS specifics.

Do make use of Exim's superb debug first!

Along the way - if you are not married to GNU in a proper church, you might want to see if switching to OpenSSL makes life easier. That seems to be the case more often than the reverse.

HTH

Bill Hacker

> I have just reconfigured relevant email settings (exim4, mailscanner, clamav, saslauthd, ldap, samba, dovecot, ssl, ca-certificates, .crt and .pem files) on ubuntu 9.10 by updating the current version of each's settings files with my customizations that I had made on Ubuntu 8.04 LTS.
>
> I am able to receive email fine but can no longer send. My configuration requires TLS over port 587.
>
> Please note again that the customizations, certificates, etc are those that worked on 8.04 LTS.
>
> Outlook 2007 produces the following error (not exact wording):
>
> Sending of test email message: does not support the encryption type supplied by the server. Please change the encryption method. Contact your administrator...
>
> And in the mainlog:
>
> SMTP connection from [123.123.123.123]:1185 I=[123.123.123.124]:587 (TCP/IP connection count = 1)
>
> 2010-04-30 16:05:21 [2808] no host name found for IP address 123.123.123.123
>
> 2010-04-30 16:05:22 [2808] TLS error on connection from (mycomp) [123.123.123.123]:1185 (gnutls_handshake): A TLS packet with unexpected length was received.
>
> 2010-04-30 16:05:22 [2808] SMTP connection from (mycomp) [123.123.123.123]:1185 I=[123.123.123.124]:587 closed by EOF
>
> 2010-04-30 16:05:22 [2808] no MAIL in SMTP connection from (mycomp) [123.123.123.123]:1185 I=[123.123.123.124]:587 D=6s C=EHLO,STARTTLS
>
> I did the following test:
>
> I first used the keys that include my public hostname (i.e., the ones that I have been using all along on Ubuntu 8.04LTS).
>
> exim4 -bd -d+tls -oX 127.0.0.1.587 -tls-on-connect
>
> gnutls-cli -p 587 127.0.0.1
>
> I got the following:
>
> Resolving '127.0.0.1'...
>
> Connecting to '127.0.0.1:587'...
>
> - Successfully sent 0 certificate(s) to server.
>
> - Ephemeral Diffie-Hellman parameters
>
> - Using prime: 1024 bits
>
> - Secret key: 1023 bits
>
> - Peer's public key: 1021 bits
>
> - Server has requested a certificate.
>
> - Certificate type: X.509
>
> - Got a certificate list of 1 certificates.
>
> - Certificate[0] info:
>
> - subject `C=US,O=My Org,OU=My Unit,L=MyCity,ST=MyState,CN=MyHostname,EMAIL=MyEmail', issuer `C=US,O=MyCA,OU=MyCAUnit,L=MyCity,ST=MyCity,CN=MyHostName,EMAIL=MyEmail', RSA key 1024 bits, signed using RSA-SHA, activated `ADateIn2008', expires `ADateIn2011', SHA-1 fingerprint `ABunchOfLettersAndNumbers'
>
> - The hostname in the certificate does NOT match '127.0.0.1'
>
> So, I then generated a new exim.crt and exim.key using exim-gencert and configured exim to use those (just for this following test) and set the CN to 127.0.0.1
>
> Then did gnutls-cli -p 587 127.0.0.1 again and this time it connected with a successful gnutls_handshake.
>
> I tried using various values for the CN in subsequent exim.crt and exim.keys but still get the same error message in Outlook.
>
> Were there any changes between 8.04 LTS and 9.10 that would cause this behavior? Any ideas?
>
> I would greatly appreciate help on this.
>
> Thank you
>

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
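
Added example, not part of the original message and not Exim's own code: a small Python parser over the mainlog lines quoted above that groups entries by Exim process id and reports at which stage the TLS handshake failed, using the `C=` command list on the "no MAIL" line. The function names and the result labels are hypothetical, and the "failed-before-any-smtp-command" label assumes a TLS-on-connect session logs no SMTP commands before the handshake.

```python
import re

# Constructed sample: the mainlog lines quoted in the message above, unwrapped.
SAMPLE_LOG = """\
2010-04-30 16:05:21 [2808] no host name found for IP address 123.123.123.123
2010-04-30 16:05:22 [2808] TLS error on connection from (mycomp) [123.123.123.123]:1185 (gnutls_handshake): A TLS packet with unexpected length was received.
2010-04-30 16:05:22 [2808] SMTP connection from (mycomp) [123.123.123.123]:1185 I=[123.123.123.124]:587 closed by EOF
2010-04-30 16:05:22 [2808] no MAIL in SMTP connection from (mycomp) [123.123.123.123]:1185 I=[123.123.123.124]:587 D=6s C=EHLO,STARTTLS
"""

ENTRY = re.compile(r"^\S+ \S+ \[(?P<pid>\d+)\] (?P<msg>.*)$")
TLS_ERR = re.compile(r"^TLS error on connection from .*?\((?P<func>\w+)\): (?P<why>.*)$")
PORT = re.compile(r" I=\[[^\]]+\]:(?P<port>\d+)")   # local interface and port
CMDS = re.compile(r" C=(?P<cmds>[A-Z,]+)$")          # SMTP commands seen before close


def summarize(log_text):
    """Group mainlog lines by process id; record port, TLS error and commands."""
    sessions = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip lines without "date time [pid]" prefix
        s = sessions.setdefault(
            m["pid"], {"port": None, "tls_error": None, "commands": []})
        msg = m["msg"]
        if (e := TLS_ERR.match(msg)):
            s["tls_error"] = (e["func"], e["why"])
        if (p := PORT.search(msg)):
            s["port"] = int(p["port"])
        if (c := CMDS.search(msg)):
            s["commands"] = c["cmds"].split(",")
    return sessions


def classify(session):
    """Say where in the session the TLS handshake broke."""
    if session["tls_error"] is None:
        return "no-tls-error"
    if "STARTTLS" in session["commands"]:
        # Client greeted in plaintext, asked to upgrade, then the handshake failed.
        return "failed-after-starttls"
    # Assumption: no commands logged means TLS was attempted on connect.
    return "failed-before-any-smtp-command"


if __name__ == "__main__":
    for pid, s in summarize(SAMPLE_LOG).items():
        print(pid, s["port"], classify(s), s["tls_error"])
```
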
