January 2007 Archives


A good command for testing if your TLS setup works in exim4 is:

swaks -s insert.host.name.here -tls -q ehlo

It goes something like this.

~$ swaks -s insert.host.name.here -tls -q ehlo
=== Trying insert.host.name.here:25...
=== Connected to insert.host.name.here.
<- 220 insert.host.name.here ESMTP Exim 4.50 Sun, 21 Jan 2007 20:29:30 +0000
-> EHLO debian
<- 250-insert.host.name.here Hello somewhere.com [81.107.112.224]
<- 250-SIZE 52428800
<- 250-PIPELINING
<- 250-AUTH PLAIN_TEXT LOGIN
<- 250-STARTTLS
<- 250 HELP
-> STARTTLS
<- 220 TLS go ahead
=== TLS started w/ cipher DHE-RSA-AES256-SHA
~> EHLO debian
<~ 250-insert.host.name.here Hello cpc2-cable.ntl.com [8.0.1.4]
<~ 250-SIZE 52428800
<~ 250-PIPELINING
<~ 250-AUTH PLAIN_TEXT LOGIN
<~ 250 HELP
~> QUIT
<~ 221 insert.host.name.here closing connection


If you get the above when inspecting the output from your SMTP server, then you most likely have something inspecting your SMTP or ESMTP traffic. In my case it was a Cisco 851 router. I believe most Cisco gear, especially PIX firewalls, are culprits for this. Below is what I was getting:

250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN_TEXT LOGIN
250-XXXXXXXA
250 XXXB
starttls
500 unrecognized command

If you want to see a genuine output from a server try the following.

debian:~# telnet YOURSERVER.COM 25
Trying 8.8.8.9...
Connected to YOURSERVER.COM.
Escape character is '^]'.
220 YOURSERVER.COM ESMTP Exim 4.5 Sun, 21 Jan 2007 19:16:18 +0000

When you see the above, enter:

EHLO [10.10.10.8]

and the following will be the output.

250-YOURSERVER.COM Hello me.org [81.107.112.224]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN_TEXT LOGIN
250-STARTTLS
250 HELP

Then type:

STARTTLS

to see:

220 TLS go ahead

This means your encrypted link to the server is working.

Have fun.
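
An added example (not part of the original post): a small Python check that classifies an EHLO reply as offering STARTTLS, having it masked by an inspecting device, or simply not advertising it. The sample replies are the ones shown in this post; the function names and the length-based guess at what was overwritten are assumptions of this example.

```python
import re

# EHLO replies copied from the transcripts in this post.
CLEAN = """250-YOURSERVER.COM Hello me.org [81.107.112.224]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN_TEXT LOGIN
250-STARTTLS
250 HELP"""

MASKED = """250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN_TEXT LOGIN
250-XXXXXXXA
250 XXXB"""

REPLY = re.compile(r"^(?:<[-~] )?250[- ](\S+)")  # also accepts swaks "<- " / "<~ " prefixes
MASK = re.compile(r"^X{3,}[A-Z]?$")              # keyword overwritten with X's

def ehlo_keywords(text):
    """Return the first token of every 250 line, upper-cased, in order."""
    out = []
    for line in text.splitlines():
        m = REPLY.match(line.strip())
        if m:
            out.append(m.group(1).upper())
    return out

def starttls_verdict(text, known=("STARTTLS", "HELP")):
    """Classify an EHLO reply as 'offered', 'masked' or 'absent'.

    For 'masked', each overwritten keyword is paired with guesses matched
    by length only. That is an inference from this post's two outputs,
    where XXXXXXXA and XXXB sit where STARTTLS and HELP should be.
    """
    kws = ehlo_keywords(text)
    if "STARTTLS" in kws:
        return "offered", []
    masked = [k for k in kws if MASK.match(k)]
    if masked:
        return "masked", [(k, [n for n in known if len(n) == len(k)]) for k in masked]
    # No STARTTLS and no mask: normal for the EHLO sent inside a TLS session.
    return "absent", []

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("masked", MASKED)):
        print(name, starttls_verdict(sample))
```

Run it against the EHLO reply as seen from outside your network and again from a host behind the router; a "masked" verdict on only one path points at the device in between.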


If you get the following error when testing TLS:

TLS error on connection from ... (DH params import): Base64 decoding error.

Regenerate your /var/spool/exim4/gnutls-params file. You may have upgraded exim and it can no longer read the file. See:

http://www.mail-archive.com/exim-dev@exim.org/msg01219.html
