On Tue, 18 Jun 2002, Jason Ostrom wrote:
>
> I am trying to get SMTP Auth working properly, and I'm now tearing out
> my hair with a problem that looks to be related to my configuration
> file. I've read all of the exim-user archives, documentation, and I'm
> humbled to say this is probably a really obvious problem that I just
> can't see right now. Would appreciate any help.
>
> I've compiled SMTP AUTH support, and have the basic setup for my
> authenticators working so that I can telnet to localhost 25, and run
> the AUTH tests. The problem is when I try to authenticate from other
> hosts, I always get "550 relay not permitted".
>
> To the best of my knowledge, the first step is that the server
> announces a number of authentication mechanisms with EHLO. Well I
> am not seeing this happen when I run in debug, so I think I have a
> misconfiguration in my exim.conf for SMTP AUTH on incoming SMTP connections.
>
> I have the following in my exim.conf:
>
> hostlist host_auth_accept_relay = *
>
> hostlist relay_hosts = 10.1.90.0/24
>
> auth_advertise_hosts = *
>
> This might be overkill, but I also setup an acl_smtp_auth:
>
> check_auth:
> accept hosts = *
> accept hosts = host_auth_accept_relay
> accept encrypted = *
> accept condition = ${if eq{${uc:$smtp_command_argument}}\
> {CRAM-MD5}{yes}{no}}
> deny message = TLS encryption or CRAM-MD5 required
>
>
>
> Using two different mail clients (the Bat or OE, I get relay denied
> and it looks like Exim is not even announcing the authentication mechanisms.
>
> Can anyone help?
>
> Here is the debug from one session:
>
> Connection request from xx.xx.xx.xx port 58200
> 1 SMTP accept process running
> Listening...
> host in rfc1413_hosts? yes (matched "*")
> doing ident callback
> sender_fullhost = [xx.xx.xx.xx]
> sender_rcvhost = [xx.xx.xx.xx]
> Process 26168 is handling incoming connection from [xx.xx.xx.xx]
> checking for IP options
> no IP options found
> host in host_lookup? no (option unset)
> set_process_info: 26168 handling incoming connection from
> [xx.xx.xx.xx]
> host in host_reject_connection? no (option unset)
> host in sender_unqualified_hosts? no (option unset)
> host in recipient_unqualified_hosts? no (option unset)
> host in helo_verify_hosts? no (option unset)
> host in helo_try_verify_hosts? no (option unset)
> host in helo_accept_junk_hosts? no (option unset)
> LOG: smtp_connection MAIN
> SMTP connection from [xx.xx.xx.xx] (TCP/IP connection count = 1)
> SMTP>> 220 mail.domain.com ESMTP Exim 4.05 Tue, 18 Jun 2002 17:03:01 -0500
> Process 26168 is ready for new message
> smtp_setup_msg entered
> SMTP<< XXXX STRIKER
Whats going on here? The sender should be sending an EHLO, SMTP AUTH is
part of ESMTP. Is it sending EHLO? If so, why is you exim rejecting it?
If its sending something else, it (the sender-smtp) is broken.
> LOG: smtp_syntax_error MAIN
> SMTP syntax error in "XXXX STRIKER" H=[xx.xx.xx.xx] unrecognized command
> SMTP>> 500 unrecognized command
> SMTP<< HELO STRIKER
This starts regular SMTP, (not ESMTP), so AUTH will not be supported..
> STRIKER in helo_lookup_domains? no (end of list)
> sender_fullhost = (STRIKER) [xx.xx.xx.xx]
> sender_rcvhost = [xx.xx.xx.xx] (helo=STRIKER)
> set_process_info: 26168 handling incoming connection from (STRIKER)
> [xx.xx.xx.xx]
> SMTP>> 250 mail.domain.com Hello STRIKER [xx.xx.xx.xx]
> SMTP<< MAIL FROM:<jostrom@???>
> SMTP>> 250 OK
> SMTP<< RCPT TO:<justiceguy@???>
> active address justiceguy@???
> local_part=justiceguy domain=pobox.com
> using ACL "check_recipient"
> processing "accept"
> check hosts = :
> host in ":"? no (end of list)
> accept: condition test failed
> processing "accept"
> check domains = +local_domains
> pobox.com in "mail.domain2.com:mail.domain2.net"? no (end of list)
> pobox.com in "+local_domains"? no (end of list)
> cached lookup data = NULL
> accept: condition test failed
> processing "accept"
> check hosts = +relay_hosts
> host in "10.1.90.0/24"? no (end of list)
> host in "+relay_hosts"? no (end of list)
> accept: condition test failed
> processing "deny"
> deny: condition test succeeded
> SMTP>> 550 relay not permitted
> LOG: MAIN REJECT
> H=(STRIKER) [xx.xx.xx.xx] F=<jostrom@???> rejected RCPT <justiceguy@???>: relay not permitted
> SMTP<< QUIT
> SMTP>> 221 mail.domain.com closing connection
> LOG: smtp_connection MAIN
> SMTP connection from (STRIKER) [xx.xx.xx.xx] closed by QUIT
> search_tidyup called
> child 26168 ended: status=0x0
> 0 SMTP accept processes now running
> Listening...
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>
--