Best distro for Exim/Cyrus

Paul O'Rorke paul at tracker-software.com
Thu Feb 20 00:39:31 EST 2014


Looking at this: 
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.html

maybe I should be specifying a client_ parameter for SMTP auth?

Too many changes - tired and need sleep.  Hopefully I'll have something 
clearer in the morning.

*Paul O'Rorke*
Tracker Software Products
paul at tracker-software.com <mailto:paul.ororke at tracker-software.com>

On 2/19/2014 9:00 PM, Paul O'Rorke wrote:
> Another strange thing.  The encrypted passwords would not be a problem 
> if I could get TLS working, I could auth with *login_sasl_server* but 
> even though exim appears to be advertising STARTTLS none of the MUA 
> clients I've tested recognise the TLS. (Thunderbird and Outlook 2013)
>
> When I use swaks to test the connection I get:
>
>     root at vm-manager:~# swaks -a -tls -q HELO -s chemainus.mjbrownloos.com -au hire -ap '<>'
>     === Trying chemainus.mjbrownloos.com:25...
>     === Connected to chemainus.mjbrownloos.com.
>     <-  220 blmail.chemainus.mjbrownloos.com ESMTP Exim 4.80 Wed, 19 Feb 2014 20:57:30 -0800
>      -> EHLO vm-manager.chemaimus.tracker-software.com
>     <-  250-blmail.chemainus.mjbrownloos.com Hello vm-manager.chemaimus.tracker-software.com [192.168.4.254]
>     <-  250-SIZE 52428800
>     <-  250-8BITMIME
>     <-  250-PIPELINING
>     <-  250-STARTTLS
>     <-  250 HELP
>      -> STARTTLS
>     <-  220 TLS go ahead
>     === TLS started w/ cipher DHE-RSA-AES256-SHA
>     === TLS peer subject DN="/C=CA/ST=British Columbia/L=Chemainus/O=MJ Brown Ltd/OU=Brown Loos/CN=blmail.chemainus.mjbrownloos.com"
>      ~> EHLO vm-manager.chemaimus.tracker-software.com
>     <~  250-blmail.chemainus.mjbrownloos.com Hello vm-manager.chemaimus.tracker-software.com [192.168.4.254]
>     <~  250-SIZE 52428800
>     <~  250-8BITMIME
>     <~  250-PIPELINING
>     <~  250-AUTH DIGEST-MD5
>     <~  250 HELP
>      ~> QUIT
>     <~  221 blmail.chemainus.mjbrownloos.com closing connection
>     === Connection closed with remote host.
>
> so why would clients not be able to use TLS?  Auto-config in both 
> clients returns with no TLS options.
>
> confused but determined to get there...
>
> *Paul O'Rorke* Tracker Software Products paul at tracker-software.com 
> <mailto:paul.ororke at tracker-software.com>
>
> On 2/19/2014 8:50 PM, Paul O'Rorke wrote:
>> Hi again guys,
>>
>> thanks for the help thus far.  I have managed to get cyrus talking 
>> with exim to deliver mail (the -a inside the quotes did this) and I 
>> have the cyrus_sasl driver authenticating using DIGEST-MD5:
>>
>>     digest_md5_sasl_server:
>>        driver = cyrus_sasl
>>        public_name = DIGEST-MD5
>>        server_realm = chemainus.mjbrownloos.com
>>        server_set_id = $auth1
>>        .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
>>        server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
>>        .endif
>>
>> I can receive mail OK, exim passes it to cyrus and I can work with 
>> mailboxes in Thunderbird however I don't seem to be able to 
>> authenticate to the SMTP server when sending.  Do I need to specify a 
>> separate auth for sending through SMTP?
>>
>> If I turn on *AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = yes* I can send if 
>> I enable *login_sasl_server* but I'm sending plaintext passwords.  :-(
>>
>> If I turn off *AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = yes* then I cannot 
>> send using *login_sasl_server* because it obviously needs an 
>> encrypted password but I keep getting the message relay not permitted.
>>
>> If I disable login_sasl_server leaving only the 
>> *digest_md5_sasl_server* I still get relay not permitted so it seems 
>> it's not authenticating on send.
>>
>> If it can authenticate for IMAP using *digest_md5_sasl_server* why 
>> would it fail when sending?
>>
>> regards
>>
>> *Paul O'Rorke*
>> Tracker Software Products paul at tracker-software.com 
>> <mailto:paul.ororke at tracker-software.com>
>>
>> On 2/17/2014 12:42 AM, Vladislav Kurz wrote:
>>>
>>> On Saturday 15 of February 2014 00:05:59 Paul O'Rorke wrote:
>>>
>>> > If I don't use any encrypted passwords I can log in, work with
>>> > mailboxes, receive mail but not send (relay not permitted which I
>>> > suspect is so as to not be an open relay..?)
>>>
>>> You can always set relay_nets (using "dpkg-reconfigure 
>>> exim4-config") to your local subnet.
>>>
>>> > What do I need to do to authenticate with the cyrus_sasl db? Why would
>>> > the authenticator driver "cyrus_sasl" not be available? Do I need to
>>> > enable that somewhere?
>>>
>>> I'm not sure but check if you have installed these packages:
>>> sasl2-bin, libsasl2-modules and exim4-daemon-heavy (instead of -light).
>>>
>>> > I've read so many conflicting pages I've completely confused myself.
>>> > Maybe I should be looking at TLS/SSL now...
>>>
>>> If you are on a secure net, try setting 
>>> AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = yes (in 
>>> conf.d/main/00_whatever), to allow plaintext auth.
>>>
>>> -- 
>>> Best regards
>>> Vladislav Kurz
>>>
>>> === WebStep, s.r.o. (Ltd.) ========= a step to the Web ===
>>> address: Mezirka 1, 602 00 Brno, CZ, tel: +420 548 214 711
>>> === www.webstep.net ======= vladislav.kurz at webstep.net ===
>>>
>>> ----
>>> Cyrus Home Page:http://www.cyrusimap.org/
>>> List Archives/Info:http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>>> To Unsubscribe:
>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>>
>

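An added example, not part of the original thread: a small Python parser for a swaks-style transcript like the one quoted above. It separates the EHLO capabilities seen before and after STARTTLS, which shows which AUTH mechanisms a server configured with a TLS-gated `server_advertise_condition` offers only on the encrypted channel. The embedded transcript is abridged from the quoted session (hostnames shortened), and the function names are hypothetical.

```python
import re

# Sample input: abridged from the swaks session quoted in the thread
# (client hostname shortened, some capability lines dropped).
TRANSCRIPT = """\
 -> EHLO vm-manager
<-  250-blmail.chemainus.mjbrownloos.com Hello vm-manager [192.168.4.254]
<-  250-PIPELINING
<-  250-STARTTLS
<-  250 HELP
 -> STARTTLS
<-  220 TLS go ahead
=== TLS started w/ cipher DHE-RSA-AES256-SHA
 ~> EHLO vm-manager
<~  250-blmail.chemainus.mjbrownloos.com Hello vm-manager [192.168.4.254]
<~  250-PIPELINING
<~  250-AUTH DIGEST-MD5
<~  250 HELP
"""

# swaks marks cleartext traffic with "->" / "<-" and TLS traffic with "~>" / "<~".
LINE = re.compile(r"^\s*(<-|<~|->|~>)\s+(.*)$")
REPLY = re.compile(r"^250[- ](\S+)\s*(.*)$")

def ehlo_capabilities(transcript):
    """Return {'clear': {...}, 'tls': {...}} mapping EHLO keyword -> parameters."""
    caps = {"clear": {}, "tls": {}}
    in_ehlo = first = False
    for raw in transcript.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # "===" status lines, wrapped text
        arrow, text = m.groups()
        if arrow in ("->", "~>"):         # client command
            in_ehlo = first = text.upper().startswith("EHLO")
            continue
        r = REPLY.match(text)
        if in_ehlo and r and not first:   # first 250 line is the greeting
            channel = "tls" if arrow == "<~" else "clear"
            caps[channel][r.group(1).upper()] = r.group(2).split()
        first = False
    return caps

def auth_report(transcript):
    """Summarise which AUTH mechanisms need TLS before they are advertised."""
    caps = ehlo_capabilities(transcript)
    clear, tls = (set(caps[c].get("AUTH", [])) for c in ("clear", "tls"))
    return {"starttls_offered": "STARTTLS" in caps["clear"],
            "auth_clear": sorted(clear), "auth_tls_only": sorted(tls - clear)}
```

An empty `auth_clear` with a non-empty `auth_tls_only` means a client that does not negotiate STARTTLS first is never offered AUTH at all, so its submissions are handled as unauthenticated.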