[Pkg-exim4-users] Re: configuring an SSL tunnel.

[Marc Haber]

On Sun, Apr 22, 2007 at 09:33:37AM -0700, peasthope at cablelan.net wrote:
> mh> I do not understand what you mean here.
> 
> Only that exim4.readme.html, Section 2.1.4 
> gives the general picture.  That is important 
> for someone trying to understand the 
> configuration process.

Yes, and all information given earlier in the document are more
important to general usage than this general picture is important to
somebody trying to understand the configuration process.

> mh> SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
> 
> Now I've done the same, except that I am using
> port 587.  Port 465 is assigned to a Cisco 
> proprietary protcol.  Google "site:cisco.com port 465".

TCP/465 is roguely used by all Microsoft clients for SMTP-over-TLS
with TLS on connect. The allocation to cisco happened only a short
time ago, Microsoft doesn't seem to care.

otoh, everybody expects TCP/587 to be e-mail submission via (plain)
SMTP with or without STARTTLS. Using SMTP-over-TLS with TLS on connect
will be a surprise to people who know what they're doing.

> mh> tls_on_connect_ports = 465
> mh> in the main configuration.
> 
> I put "tls_on_connect_ports = 587" at the 
> beginning of the section entitled 
> "### main/03_exim4-config_tlsoptions".

In which file? Are you using split or non-split config?

> mh> What does "does not work" mean?
> 
> A message could and can still be sent from the MUA 
> connected to the LAN where the machine running 
> exim resides.  A message could not be sent through 
> a SSL tunnel initiated at the remote site.

What's the error message of the client, what are the log entries on
the server?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190