[Pkg-exim4-users] Exim4 with Exchange and TLS doesn't work

Jan Kesten jan.kesten at web.de
Thu Apr 13 07:58:56 UTC 2006


Hi Marc!

> [You need to be subscribed to post. I manually approved this message.]

Am I not? I subscribed yesterday and confirmed already?
I'll check this :-)

> So you want that Exchange box to authenticate as a client against your
> exim server?

Yes - the Exchange server sits inside the lan and is using my external
exim as smarthost. TLS is only needed to provide secure connections and
not for authenticating (i.e. the Exchange box doesn't have a certificate
of it's own - authentication is done via SMTP-AUTH using exims passwd
file - this is working fine when using unencrypted connetions).

> Kneejerk response: Do you have enough entropy on your exim system?

I think I have since connections via tls are possible with another exim
or MUA supporting smtp via tls at the same time. Only connections from
the Exchange box fail.

> Does Microsoft have an TLS command line client which you could use to
> find out whether the system is able to do proper TLS? Or does Windows
> have something like strace where you could look what exactly the
> exchange is doing?

Very good question - I simply don't know since I don't use M$ if I must
not (I would be very happy if I'm allowed to replace Exchange).

> Can the exchange box deliver successfully to your exim over TLS if you
> allow it to relay via IP address temporarily for testing?

This was one idea I had and I told the admin of the Exchange server to
use IP, but it seems that Exchange does not support IP instead of
hostnames (or he and I don't know how).

> If you compile it yourself, it might be worth to try the later
> packages from unstable, which both have a more current exim and have
> an option to easily switch to OpenSSL via a debian/rules setting.

Gnah, I should have known that earlier - now I created an EDITME file
myself from the stable tree. Not just really simple but not difficult at
all. It's compiling now and I'll report if that worked.

Thanks for quick response,
Jan



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 275 bytes
Desc: OpenPGP digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-exim4-users/attachments/20060413/2b142f3a/signature.pgp


More information about the Pkg-exim4-users mailing list