Re: [Exim] relaying only for authenticated users

Author: Sander Smeenk
Date:  
To: Rob Ristroph
CC: exim-users
Subject: Re: [Exim] relaying only for authenticated users
Quoting Rob Ristroph (rgr@???):

> Is there an example config file I can work from ?


I bet there is. But as I understand from your 'problem description' you
are already pretty close...

> -- I noticed the authenticators section in the configuration
>    that came with debian, and so I make a
>    "*:username:cryptedpass" entry in
>    /etc/exim4/passwd.clients, but in testing exim refused to
>    relay from outside my network and when I type something
>    like "AUTH PLAIN" into a test smtp session ( started using
>    the command "exim4 -d -bh 1.2.3.4" ) it says "503 AUTH
>    command used when not advertised"


That is because you must first say EHLO host.domain.tld to the server.
It will then respond with all its capabilities.

Authenticated SMTP is not part of the normal SMTP specs, as far as I
know. Therefore you must let the server know that you understand
Extended SMTP by using EHLO instead of HELO:

| $ nc aa.bb.cc 25
| 220 aa.bb.cc ESMTP Exim 4.24 Tue, 14 Oct 2003 20:25:06 +0200
| HELO xx.yy.zz
| 250 aa.bb.cc Hello xx.yy.zz [nn.nnn.nnn.nnn]
| QUIT
| $


versus

| $ nc aa.bb.cc 25
| 220 aa.bb.cc ESMTP Exim 4.24 Tue, 14 Oct 2003 20:25:41 +0200
| EHLO xx.yy.zz
| 250-aa.bb.cc Hello xx.yy.zz [nn.nnn.nnn.nnn]
| 250-SIZE 52428800
| 250-PIPELINING
| 250-AUTH PLAIN LOGIN
| 250-STARTTLS
| 250 HELP
| AUTH PLAIN
| 503 TLS encryption required for SMTP AUTH
| $


I don't really know why exim refuses to allow AUTH when not advertised,
but I bet it has its purposes. Probably RFC compliancy, and I think
it's a good thing. ;)

> -- If I try to send without using the AUTH, it says relay not
>    allowed


And that is correct. Please don't change that ;)

> -- I set "domainlist relay_to_domains = *" and then tested
>    myself by telnetting to relay-test.mail-abuse.org,
>    discovered I appeared to be openly relaying, and hastily
>    backed that out.


Yes. That is a bad thing. Don't ever do that again ;)

Sander.
--
| For every action, there is an equal and opposite government program.
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D
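
Added example (not part of the original message and not Exim code): a small parser for the HELO and EHLO replies shown in the two sessions above, which decides whether a client may send AUTH yet. The function names, the returned strings and the client policy of never sending AUTH without TLS are assumptions made for this illustration.

```python
import re

# Constructed sample input: the two greeting replies from the sessions above.
HELO_REPLY = "250 aa.bb.cc Hello xx.yy.zz [nn.nnn.nnn.nnn]\r\n"
EHLO_REPLY = (
    "250-aa.bb.cc Hello xx.yy.zz [nn.nnn.nnn.nnn]\r\n"
    "250-SIZE 52428800\r\n250-PIPELINING\r\n"
    "250-AUTH PLAIN LOGIN\r\n250-STARTTLS\r\n250 HELP\r\n"
)
_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_reply(raw):
    """Split a (possibly multi-line) SMTP reply into (code, [text lines])."""
    lines = raw.splitlines()
    if not lines:
        raise ValueError("empty reply")
    code, texts = None, []
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changed inside one reply")
        # "250-" means more lines follow; "250 " must be the final line.
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker in the wrong place")
        code = m.group(1)
        texts.append(m.group(3))
    return int(code), texts

def extensions(raw):
    """Return {KEYWORD: [params]}; the first reply line is only the greeting."""
    code, texts = parse_reply(raw)
    ext = {}
    for text in (texts[1:] if code == 250 else []):
        parts = text.split()
        if parts:
            ext[parts[0].upper()] = [p.upper() for p in parts[1:]]
    return ext

def auth_plan(raw, tls_active=False):
    """Decide the client's next step from the server's greeting reply."""
    ext = extensions(raw)
    mechs = ext.get("AUTH", [])
    if not mechs:
        return "no-auth-advertised"  # AUTH now would draw the 503 quoted above
    if not tls_active:
        # Assumed policy: PLAIN/LOGIN credentials never go over cleartext.
        return "starttls-first" if "STARTTLS" in ext else "refuse-cleartext-auth"
    return "auth:" + ",".join(mechs)
```

After STARTTLS succeeds the client has to send EHLO again and re-run the check on the new reply, because the extension list advertised before TLS is no longer valid.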