Ok, thanks for that tip. Now a Test connection looks like: telnet myserver.de 25 Trying 1.1.1.1... Connected to unix-solution.de. Escape character is '^]'. 220 mail.myserver.de ESMTP Exim 4.80 Wed, 22 Jan 2014 14:39:54 +0100 ehlo localhost 250-mail.myserver.de Hello p578a6f5e.dip0.t-ipconnect.de [1.1.1.2] 250-SIZE 209715200 250-8BITMIME 250-PIPELINING 250-STARTTLS 250 HELP quit 221 mail.myserver.de closing connection Connection closed by foreign host.
did this mean that fist of all the connection is encrypt by starttls? next I have try md5-cram and get the following error: (received and digest are anonymised) 23042 Process 23042 is ready for new message 23042 CRAM-MD5: user name = test 23042 challenge = <[email protected]> 23042 received = eeedc11e000024153d7511183d27acba0caffe11 23042 digest = 55ac3f21b6sdf4570c92e7266e1fge1b94fg7093 23042 LOG: MAIN REJECT 23042 fixed_cram authenticator failed for p578a6f5e.dip0.t-ipconnect.de ([1.1.1.2]) [1.2.1.1] 535 Incorrect authentication data (set_id=test) no one of received or digest are stored in database. the password in the db is saved as md5 hash with a salt. Regards, Basti On 22.01.2014 13:52, Wolfgang Breyha wrote: > On 21/01/14 12:37, basti wrote: >> I have installed Exim4 on my Debian Wheezy. All is running fine. >> Now I try to use "fixed_cram" authenticator for more security. >> [...] >> 250-AUTH LOGIN >> 250-STARTTLS > > Not announcing plaintext AUTH mechs on unencrypted connections would make > your setup much more secure then adding CRAM-MD5;-) > > You can do that by adding > server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}} > to your LOGIN/PLAIN authenticators. > > Start exim with -d-all+auth for debugging. See >> http://exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html > for more debugging switches. > > Greetings, Wolfgang > -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
