[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SSL at SMTP client works now (CVS after 2.99.52patch1)
At the receiving side the resulting header looks like this:
Received: from mea.tmt.tele.fi ([194.252.70.162]:4212 "EHLO mea.tmt.tele.fi"
ident: "NO-IDENT-SERVICE[2]" smtp-auth: <none> TLS-CIPHER:
"DES-CBC3-SHA keybits 192/192 version TLSv1/SSLv3") by nic.funet.fi
with ESMTP id <S43028AbQABK5o>; Sun, 2 Jan 2000 12:57:44 +0200
At the sending side the verbose "mail -v" transcript tells me:
Connecting to nic.funet.fi [193.166.0.145|25] port 25
220 nic.funet.fi ZMailer Server 2.99.52-patch1 #33 ESMTP+IDENT ready at Sun, 2 Jan 2000 13:02:54 +0200
EHLO mea.tmt.tele.fi
smtp_sfwrite() to write 22 bytes
250-nic.funet.fi Hello mea.tmt.tele.fi
250-SIZE 0
250-8BITMIME
250-PIPELINING
250-CHUNKING
250-ENHANCEDSTATUSCODES
250-EXPN
250-VRFY
250-DSN
250-X-RCPTLIMIT 10000
250-STARTTLS
250-ETRN
250 HELP
STARTTLS
smtp_sfwrite() to write 10 bytes
220 Ready to start TLS
TLS mode running successfully!
TLS cipher: DES-CBC3-SHA
TLS protocol: TLSv1
TLS cipher bits: 192 in use: 192
TLS peer cert name: /C=FI/O=FUNET/CN=nic.funet.fi/Email=root@nic.funet.fi
TLS peer cert issuer name: /C=FI/CN=Matti Aarnio/Email=matti.aarnio@sonera.fi
EHLO mea.tmt.tele.fi
smtp_sfwrite() to write 22 bytes
250-nic.funet.fi Hello mea.tmt.tele.fi
250-SIZE 0
250-8BITMIME
250-PIPELINING
250-CHUNKING
250-ENHANCEDSTATUSCODES
250-EXPN
250-VRFY
250-DSN
250-X-RCPTLIMIT 10000
250-AUTH=LOGIN
250-AUTH LOGIN
250-ETRN
250 HELP
EHLO response flags = 0x3f, rcptlimit=10000, sizeopt=0
Notable things here are:
- STARTTLS disappears from EHLO capabilities when the
socket is running in TLS mode
- "AUTH LOGIN" appears at the same time :)
- Certificates I cooked up myself..
Nice, now anybody can add "-S ${MAILSHARE}/smtp-tls.conf"
option to the command= lines of all SMTP clauses, and
use *opportunistic* SMTP encryption.
(Presuming you have TLS setup for smtpserver, the default
smtp-tls.conf uses same certificates for sending.)
/Matti Aarnio