Re: [exim] Apple mail...

Fri, 14 May 2010 08:32:09 -0700 

John Doe wrote:
> Hi,
> 
> is there a know problem (even though google did not find any) with Apple Mail 
> and SSL...?

There WAS.

Years ago it made assumptions that were not always valid and that it had no 
readily-accessable knobs to alter.

I *beleive* that was fixed around OS X 10.3.X or so - BUT more recently than 5 
years back I plead ignorance, as I always, always, always replace Apple's 
mailer 
with a proper MUA. Usually SeaMonkey's - which is very standards-compliant AND 
easy to adjust.

Not to mention the Mac needs better browsers than wot Apple ships anyway.

> 
> I setup authentication like that:
> 
> 
> tls_advertise_hosts = *
> tls_certificate = /etc/pki/tls/certs/exim.pem
> tls_privatekey = /etc/pki/tls/private/exim.pem
> log_selector = +tls_cipher +tls_peerdn
> 
> tls_on_connect_ports = 465
> 
> PLAIN:
>   driver                     = plaintext
>   public_name                = PLAIN
>   server_prompts             = :
>   server_condition           = ${lookup mysql{AUTH_PLAIN_QUERY}{1}fail}
>   server_advertise_condition = ${if def:tls_cipher}
>   server_set_id              = $auth2
> 
> LOGIN:
>   driver                     = plaintext
>   public_name                = LOGIN
>   server_prompts             = <| Username: | Password:
>   server_condition           = ${lookup mysql{AUTH_LOGIN_QUERY}{1}fail}
>   server_advertise_condition = ${if def:tls_cipher}
>   server_set_id              = $auth1While it works fine with Thunderbird, 
> Apple Mail just stall for 1mn and give up...
> And exim logs just says it failed...
> 
> I also tried (found on some forum):
> 
> server_prompts = "Username:: : Password::"
> 
> But it did not help... any idea?
> 
> Thx,
> JD
> 

Scrap the Apple MUA.

It ain't worth the bother, as it is a lousy MUA anyway, human-interface and 
features-wise.

Any of a half-dozen others - depending on user's prefs - are more useful, and 
all will JFW w/r AUTH.

We've had no problem advising even low/no-expertise users over the phone w/r 
downloading, installing, and configuring login settings with, for example, 
SeaMonkey or Thundermug

Going up to 'root' and rm'ing all vestiges of the Apple Mail and its dodgy and 
exploitable linked-to-everything address book is also a security plus.

YMMV, but the only non-Mac systems on our MTA are 'true' F/OSS *BSD.
so we've been at this for a while....

Bill




-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to