Author: Shawn P. Garbett Date: To: exim-users Subject: Re: [Exim] Auth SMTP Relay
On Thursday 03 April 2003 10:19 am, you wrote: > Shawn P. Garbett wrote:
> > > > I'm pulling my hair out trying to figure out the following. Can
> > > > anyone tell me what I'm missing besides a brain and a clue?
> > > >
> > > > The configuration should allow relaying when authenticated.
> > > >
> > > > I can authenticate on the local domain.
> > >
> > > Authenticate and replay or simply relay without authentication?
> >
> > Authenticate. Relay is disabled outside the localdomain, but I want to
> > allow it for authentiated hosts: The server responded: "relaying to
> > <listman@???> prohibited by administrator "
>
> Yes. But did the AUTH attempt take place?
It did take place, how many times do I have to say that I did it by hand.
>
> > I use the encode perl script for the user/password and do a "AUTH
> > PLAIN [encode64 string here]" It returns success.
> >
> > The only strangeness there is that the encode instructions say do it
> > this way encode '\0user=\0password", It then decodes it as $2 & $3. I
> > have to do it like encode 'user\0password' to get it to work, which
> > decodes as $1 and $2.
>
> Why do you have to do it that way? This is wrong and incorrect.
Because it was the example given in the default Debian config.
>
> Your PLAIN authenticator is broken. Username is in $2 and password
> is in $3, while $1 is always empty. Period.
Okay, I fixed that.
Now compare:
From localhost:
maple:/var/log/exim# exim -bh {IP addr}
**** SMTP testing session as if from host {IP addr}
**** Not for real!
>>> host in host_lookup? no (option unset)
>>> host in host_reject? no (option unset)
>>> host in host_reject_recipients? no (option unset)
>>> host in auth_hosts? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in receiver_unqualified_hosts? no (option unset)
>>> host in helo_verify? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset) 220 {domain name} ESMTP Exim 3.36 #1 Thu, 03 Apr 2003 10:27:21 -0600
EHLO localhost >>> localhost in local_domains? yes (matched localhost)
>>> looking up host name for {IP addr}
>>> IP address lookup yielded {domain name}
>>> Alias maple 250-{domain name} Hello {domain name} [{IP addr}]
250-SIZE
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
AUTH PLAIN {encode password here} >>> plain authenticator:
>>> $1 =
>>> $2 = bill
>>> $3 = {password}
>>> expanded string: 1 235 Authentication succeeded
It authenticates from the local domain.
Now coming in from a foreign domain:
Furthur:/home/spg/src# exim -bh {relay IP (was local above)}
**** SMTP testing session as if from host {relay IP}
**** Not for real!
>>> host in host_lookup? yes (*)
>>> looking up host name for {relay IP}
>>> IP address lookup failed
>>> host in host_reject? no (option unset)
>>> host in host_reject_recipients? no (option unset)
>>> host in auth_hosts? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in receiver_unqualified_hosts? no (option unset)
>>> host in helo_verify? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset) 220 {foreign IP} ESMTP Exim 3.36 #1 Thu, 03 Apr 2003 10:30:01 -0600
EHLO {foreign domain} >>> {foreign domain} in local_domains? no (end of list) 250-{foreign IP} Hello {foreign domain name} [{exim relay IP}]
250-SIZE
250-PIPELINING
250 HELP
AUTH PLAIN {encoded password here}
504 PLAIN mechanism not supported
Now same question: Why is AUTH not supported outside the local domain?
