[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Grant Sewell wrote: > James Fidell wrote: > >> Grant Sewell wrote: >> >> >> >>> I have read /usr/share/doc/exim4-base/README.Debian and done what I >>> think needed doing, and when I run nmap against my server, it now >>> advertises SMTPS on :465, but I cannae get it to actually work (I >>> think). I'm testing it by changing my Thunderbird settings (in a >>> separate profile) and trying to send a message to a GMail account I have. >>> >>> >> What do you mean by "advertises SMTPS on :465"? Just that exim has >> bound the port and is listening? >> >> > Yes. So, I would presume that incoming traffic on :465 would be passed > to whatever is marked as handling :465 traffic (Exim in this case? Or > should it be SSL/TLS/other?) > >>> When using "SSL", I get the following unhelpful error message on >>> Thunderbird: >>> The server may be unavailable or is refusing SMTP connections. >>> >>> When using "TLS", I get the more helpful error: >>> Unable to connect to SMTP server "fileserver" via STARTTLS since it >>> doesn't offer STARTTLS in EHLO response. >>> >>> >> You have tls_advertise_hosts = * in your exim config and have set up the >> key and certificate for exim? >> >> Is there any useful information in the exim logs? >> >> James >> > I have: > > .ifndef MAIN_TLS_ADVERTISE_HOSTS > MAIN_TLS_ADVERTISE_HOSTS = * > tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS > > which is as good as, isn't it? > > I have exim.crt and exim.key in /etc/exim4, so I'm guessing I setup the > key and cert. > > If I try Thunderbird with SSL, I get the following in my /var/log/exim4/main > 2008-11-25 10:19:09 no IP address found for host > gsewell-laptop.thymox\.dyndns\.org (during SMTP connection from [10.0.0.11]) > 2008-11-25 10:19:09 TLS error on connection from [10.0.0.11] (no TLS > server certificate is specified) > > And if I try TLS, I get: > 2008-11-25 10:21:23 no IP address found for host > gsewell-laptop.thymox\.dyndns\.org (during SMTP connection from [10.0.0.11]) > > Grant. Any thoughts? I'm fairly sure the secure IMAP is working OK, but I'd really like to have secure SMTP as well so I don't become an open target on t'Net. Grant. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html