On 2011-02-23 at 17:45 -0800, WJCarpenter wrote:
> My server is configured to advertise authentication only to localhost
> and TLS connections. (I can show those configs if it comes to that, but
> I don't think it's necessarily relevant.) After configuring his client

I do -- could we please see the authenticators and any setting with "tls" in the name? Including the output of running:

% exim -bV
% exim -bP | fgrep tls

> I know what you are thinking ... something screwy with my
> auth_advertise_hosts macro or my server_advertise_condition. I spent a
> bunch of time staring at those before I happened to notice this in my
> log files: "SMTP command timeout on TLS connection from...." Every
> time he connected from his DOS telnet or from his Thunderbird and let
> the connection timeout, the Exim log line indicates that the connection
> was using TLS. I have plenty of other command timeouts that are not TLS
> (my own tests, plus the usual door-knockers).

Are you 100% sure that the error message corresponds to the telnet sessions, not just Thunderbird?

I suspect something like:

tls_on_connect_ports = 465

and Thunderbird configured with SSL, not TLS: this being Mozilla-speak for "encryption on connect, instead of using STARTTLS".

> So, my question is ... what could make Exim believe that a certain
> connection was using TLS when (as far as I can tell) it really was not?

To see that message, the internal variable tls_active must be set >= 0 (to match the file descriptor corresponding to the connection). This means that tls_server_start() has been called, which means that something has happened to enable SSL/TLS.

-Phil

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
