swaks and TLS

A good command for testing if your TLS setup works in exim4 is:
swaks -s insert.host.name.here -tls -q ehlo
It goes something like this.
~$ swaks -s insert.host.name.here -tls -q ehlo
=== Trying insert.host.name.here:25…
=== Connected to insert.host.name.here.
EHLO debian
<- 250-insert.host.name.here Hello somewhere.com [81.107.112.224]
<- 250-SIZE 52428800
<- 250-PIPELINING
<- 250-AUTH PLAIN_TEXT LOGIN
<- 250-STARTTLS
STARTTLS
EHLO debian
<~ 250-insert.host.name.here Hello cpc2-cable.ntl.com [8.0.1.4]
<~ 250-SIZE 52428800
<~ 250-PIPELINING
<~ 250-AUTH PLAIN_TEXT LOGIN
QUIT
<~ 221 insert.host.name.here closing connection

Please follow or like:

250-XXXXXXXA

If you get the above when inspecting the putput from your SMTP server then you most likely have something inspecting your SMTP or ESMTP traffic. In my case it was a CISC0 851 router. I believe a most CISCO gear especially PIX firewalls are culprits for this. Below is what I was getting:
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN_TEXT LOGIN
250-XXXXXXXA
250 XXXB
starttls
500 unrecognized command
If you want to see a genuine output from a server try the following.
debian:~# telnet YOURSERVER.COM 25
Trying 8.8.8.9…
Connected to YOURSERVER.COM.
Escape character is ‘^]’.
220 YOURSERVER.COM ESMTP Exim 4.5 Sun, 21 Jan 2007 19:16:18 +0000
When you see the above, enter:
EHLO [10.10.10.8]
and the following will be the output.
250-YOURSERVER.COM Hello me.org [81.107.112.224]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN_TEXT LOGIN
250-STARTTLS
250 HELP
Then type:
STARTTLS
to see.
220 TLS go ahead
This means your encrypted link to the server is working.
Have fun.

Please follow or like:

Base64 decoding error exim4

If you get the following error when testing TLS.
TLS error on connection from … (DH params import): Base64 decoding error.
Regenerate your /var/spool/exim4/gnutls-params file. You may have upgraded exim and it can no longer read the file. See:
http://www.mail-archive.com/exim-dev@exim.org/msg01219.html

Please follow or like: