<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Looking at this:
<a class="moz-txt-link-freetext" href="http://www.exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.html">http://www.exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.html</a><br>
      <br>
      maybe I should be specifying a client_ parameter for SMTP auth?<br>
      <br>
      Too many changes - tired and need sleep.&nbsp; Hopefully I'll have
      something clearer in the morning.<br>
      <div class="moz-signature">
        <div style="font-family:Arial;font-size:12px">
          <p><strong>Paul O&#8217;Rorke</strong><br>
            Tracker Software Products<br>
            <a href="mailto:paul.ororke@tracker-software.com">paul@tracker-software.com</a><br>
          </p>
          <p>
            ++++++++++++++++++++++++++++++++++++++++++++++++++++++++<br>
            PLEASE NOTE : - If you are sending files for us to
            look at or assist with <br>
            these must ALWAYS be wrapped in either a ZIP/RAR or 7z
            FILE <br>
            or they will be removed by our Firewall/Virus management
            software. <br>
            ++++++++++++++++++++++++++++++++++++++++++++++++++++++++<br>
            <br>
            **Certified by Microsoft** <br>
            "Works with Vista" <br>
            PDF-XChange &amp; SDK, Image-XChange<br>
            PDF-Tools &amp; SDK, TIFF-XChange &amp; SDK. <br>
            <br>
            Support: <br>
            <a href="http://tracker-software.com/support/">http://tracker-software.com/support/</a>
            <br>
            or <br>
            <a href="http://www.tracker-software.com/forum/index.php">http://www.tracker-software.com/forum/index.php</a>
          </p>
          <p>
            Download latest Releases <br>
            <a href="http://www.tracker-software.com/downloads/">http://www.tracker-software.com/downloads/</a>
            <br>
          </p>
        </div>
      </div>
      On 2/19/2014 9:00 PM, Paul O'Rorke wrote:<br>
    </div>
    <blockquote cite="mid:53058BF6.7010503@tracker-software.com"
      type="cite">
      <meta content="text/html; charset=ISO-8859-1"
        http-equiv="Content-Type">
      <div class="moz-cite-prefix">Another strange this.&nbsp; The encrypted
        passwords would not be a problem if I could get TLS working, I
        could auth with <b>login_sasl_server</b> but even though exim
        appears to be advertising STARTTLS none of the MUA clients I've
        tested recognise the TLS. (Thunderbird and Outlos 2013)<br>
        <br>
        When I use swaks to test the connection I get:<br>
        <blockquote><tt>root@vm-manager:~# swaks -a -tls -q HELO -s
            chemainus.mjbrownloos.com -au hire -ap '&lt;&gt;'</tt><br>
          <tt>=== Trying chemainus.mjbrownloos.com:25...</tt><br>
          <tt>=== Connected to chemainus.mjbrownloos.com.</tt><br>
          <tt>&lt;-&nbsp; 220 blmail.chemainus.mjbrownloos.com ESMTP Exim
            4.80 Wed, 19 Feb 2014 20:57:30 -0800</tt><br>
          <tt>&nbsp;-&gt; EHLO vm-manager.chemaimus.tracker-software.com</tt><br>
          <tt>&lt;-&nbsp; 250-blmail.chemainus.mjbrownloos.com Hello
            vm-manager.chemaimus.tracker-software.com [192.168.4.254]</tt><br>
          <tt>&lt;-&nbsp; 250-SIZE 52428800</tt><br>
          <tt>&lt;-&nbsp; 250-8BITMIME</tt><br>
          <tt>&lt;-&nbsp; 250-PIPELINING</tt><br>
          <tt>&lt;-&nbsp; 250-STARTTLS</tt><br>
          <tt>&lt;-&nbsp; 250 HELP</tt><br>
          <tt>&nbsp;-&gt; STARTTLS</tt><br>
          <tt>&lt;-&nbsp; 220 TLS go ahead</tt><br>
          <tt>=== TLS started w/ cipher DHE-RSA-AES256-SHA</tt><br>
          <tt>=== TLS peer subject DN="/C=CA/ST=British
            Columbia/L=Chemainus/O=MJ Brown Ltd/OU=Brown
            Loos/CN=blmail.chemainus.mjbrownloos.com"</tt><br>
          <tt>&nbsp;~&gt; EHLO vm-manager.chemaimus.tracker-software.com</tt><br>
          <tt>&lt;~&nbsp; 250-blmail.chemainus.mjbrownloos.com Hello
            vm-manager.chemaimus.tracker-software.com [192.168.4.254]</tt><br>
          <tt>&lt;~&nbsp; 250-SIZE 52428800</tt><br>
          <tt>&lt;~&nbsp; 250-8BITMIME</tt><br>
          <tt>&lt;~&nbsp; 250-PIPELINING</tt><br>
          <tt>&lt;~&nbsp; 250-AUTH DIGEST-MD5</tt><br>
          <tt>&lt;~&nbsp; 250 HELP</tt><br>
          <tt>&nbsp;~&gt; QUIT</tt><br>
          <tt>&lt;~&nbsp; 221 blmail.chemainus.mjbrownloos.com closing
            connection</tt><br>
          <tt>=== Connection closed with remote host.</tt><br>
        </blockquote>
        so why would clients not be able to use TLS?&nbsp; Auto-config in
        both clients returns with no TLS options.&nbsp; <br>
        <br>
        confused but determined to get there...<br>
        <div class="moz-signature">
          <div style="font-family:Arial;font-size:12px">
            <p><strong>Paul O&#8217;Rorke</strong> Tracker Software Products <a
                moz-do-not-send="true"
                href="mailto:paul.ororke@tracker-software.com">paul@tracker-software.com</a>
              <br>
            </p>
          </div>
        </div>
        On 2/19/2014 8:50 PM, Paul O'Rorke wrote:<br>
      </div>
      <blockquote cite="mid:5305898D.20308@tracker-software.com"
        type="cite">
        <meta content="text/html; charset=ISO-8859-1"
          http-equiv="Content-Type">
        <div class="moz-cite-prefix">Hi again guys,<br>
          <br>
          thanks for the help thus far.&nbsp; I have managed to get cyrus
          talking with exim to deliver mail (the -a inside the quotes
          did this) and I have the cyrus_sasl driver authenticating
          using DIGEST-MD5:<br>
          <blockquote><tt>digest_md5_sasl_server:</tt><br>
            <tt> &nbsp;&nbsp; driver = cyrus_sasl</tt><br>
            <tt> &nbsp;&nbsp; public_name = DIGEST-MD5</tt><br>
            <tt> &nbsp;&nbsp; server_realm = chemainus.mjbrownloos.com</tt><br>
            <tt> &nbsp;&nbsp; server_set_id = $auth1</tt><br>
            <tt> &nbsp;&nbsp; .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS</tt><br>
            <tt> &nbsp;&nbsp; server_advertise_condition = ${if
              eq{$tls_cipher}{}{}{*}}</tt><br>
            <tt> &nbsp;&nbsp; .endif</tt><br>
          </blockquote>
          I can receive mail OK, exim passes it to cyrus and I can work
          with mailboxes in Thunderbird however I don't seem to be able
          to authenticate to the SMTP server when sending.&nbsp; Do I need to
          specify a separate auth for sending through SMTP?<br>
          <br>
          If I turn on <b>AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = yes</b> I
          can send if I enable <b>login_sasl_server</b> but I'm sending
          plaintext passwords.&nbsp; :-(<br>
          <br>
          If I turn off <b>AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = yes</b>
          then I cannot send using <b>login_sasl_server</b> because it
          obviously needs an encrypted password but I keep getting the
          message relay not permitted.<br>
          <br>
          If I disable login_sasl_server leaving only the <b>digest_md5_sasl_server</b>
          I still get relay not permitted so it seems it's not
          authenticating on send.<br>
          <br>
          If it can authenticate for IMAP using <b>digest_md5_sasl_server</b>
          why would it fail when sending? <br>
          <br>
          regards<br>
          <div class="moz-signature">
            <div style="font-family:Arial;font-size:12px">
              <p><strong>Paul O&#8217;Rorke</strong><br>
                Tracker Software Products <a moz-do-not-send="true"
                  href="mailto:paul.ororke@tracker-software.com">paul@tracker-software.com</a><br>
                <br>
              </p>
            </div>
          </div>
          On 2/17/2014 12:42 AM, Vladislav Kurz wrote:<br>
        </div>
        <blockquote
          cite="mid:201402170942.36271.vladislav.kurz@webstep.net"
          type="cite">
          <meta name="qrichtext" content="1">
          <style type="text/css">
p, li { white-space: pre-wrap; }
</style>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">On Saturday 15 of February 2014 00:05:59
            Paul O'Rorke wrote:</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">&gt; If I don't use any encrypted
            passwords I can log in, work with</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">&gt; mailboxes, receive mail but not send
            (relay not permitted which I</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">&gt; suspect is so as to not be an open
            relay..?)</p>
          <p style="-qt-paragraph-type:empty; margin-top:0px;
            margin-bottom:0px; margin-left:0px; margin-right:0px;
            -qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">You can always set relay_nets (using
            "dpkg-reconfigure exim4-config") to your local subnet.</p>
          <p style="-qt-paragraph-type:empty; margin-top:0px;
            margin-bottom:0px; margin-left:0px; margin-right:0px;
            -qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">&gt; What do I need to do to authenticate
            with the cyrus_sasl db? Why would</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">&gt; the authenticator driver
            "cyrus_sasl" not be available? Do I need to</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">&gt; enable that somewhere?</p>
          <p style="-qt-paragraph-type:empty; margin-top:0px;
            margin-bottom:0px; margin-left:0px; margin-right:0px;
            -qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">I'm not sure but check if you have
            installed these packages:</p>
          <p style="-qt-paragraph-type:empty; margin-top:0px;
            margin-bottom:0px; margin-left:0px; margin-right:0px;
            -qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">sasl2-bin, libsasl2-modules and
            exim4-daemon-heavy (instead of -light).</p>
          <p style="-qt-paragraph-type:empty; margin-top:0px;
            margin-bottom:0px; margin-left:0px; margin-right:0px;
            -qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">&gt; I've read so many conflicting pages
            I've completely confused myself.</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">&gt; Maybe I should be looking at TLS/SSL
            now...</p>
          <p style="-qt-paragraph-type:empty; margin-top:0px;
            margin-bottom:0px; margin-left:0px; margin-right:0px;
            -qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">If you are on secure net, try setting
            AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = yes (in
            conf.d/main/00_whatever), to allow plaintext auth.</p>
          <p style="-qt-paragraph-type:empty; margin-top:0px;
            margin-bottom:0px; margin-left:0px; margin-right:0px;
            -qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">-- </p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">S pozdravem</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;"> Vladislav Kurz</p>
          <p style="-qt-paragraph-type:empty; margin-top:0px;
            margin-bottom:0px; margin-left:0px; margin-right:0px;
            -qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">=== WebStep, s.r.o. (Ltd.) ========= a
            step to the Web ===</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">address: Mezirka 1, 602 00 Brno, CZ, tel:
            +420 548 214 711</p>
          <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
            margin-right:0px; -qt-block-indent:0; text-indent:0px;
            -qt-user-state:0;">=== <a moz-do-not-send="true"
              class="moz-txt-link-abbreviated"
              href="http://www.webstep.net">www.webstep.net</a> =======
            <a moz-do-not-send="true" class="moz-txt-link-abbreviated"
              href="mailto:vladislav.kurz@webstep.net">vladislav.kurz@webstep.net</a>
            ===</p>
          <p style="-qt-paragraph-type:empty; margin-top:0px;
            margin-bottom:0px; margin-left:0px; margin-right:0px;
            -qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
          <p style="-qt-paragraph-type:empty; margin-top:0px;
            margin-bottom:0px; margin-left:0px; margin-right:0px;
            -qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
          <br>
          <fieldset class="mimeAttachmentHeader"></fieldset>
          <br>
          <pre wrap="">----
Cyrus Home Page: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.cyrusimap.org/">http://www.cyrusimap.org/</a>
List Archives/Info: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.andrew.cmu.edu/pipermail/info-cyrus/">http://lists.andrew.cmu.edu/pipermail/info-cyrus/</a>
To Unsubscribe:
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus">https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus</a></pre>
        </blockquote>
        <br>
      </blockquote>
      <br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">----
Cyrus Home Page: <a class="moz-txt-link-freetext" href="http://www.cyrusimap.org/">http://www.cyrusimap.org/</a>
List Archives/Info: <a class="moz-txt-link-freetext" href="http://lists.andrew.cmu.edu/pipermail/info-cyrus/">http://lists.andrew.cmu.edu/pipermail/info-cyrus/</a>
To Unsubscribe:
<a class="moz-txt-link-freetext" href="https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus">https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus</a></pre>
    </blockquote>
    <br>
  </body>
</html>