This is a multi-part message in MIME format.
--
Hi,
I've installed exim-tls and set it up to be able to relay their mails
but only once their're authenticated. It work just fine with mozilla
clients and I get this in the mainlog:
2004-02-06 00:40:01 1Aot6H-0000dk-00 <= gianpaolo.fasoli@???
H=(ygeneration.it) [1.85.2.73] P=asmtp X=TLSv1:RC4-MD5:128
A=fixed_plain:ph10 S=
841 id=4022D433.5040401@???
2004-02-06 00:40:01 1Aot6H-0000dk-00 => gfasoli@??? R=send_to_relay
T=remote_smtp H=relay.fastweb.it [213.140.2.38]
2004-02-06 00:40:01 1Aot6H-0000dk-00 Completed
Nevertheless, MS Outlook users can't use my new relay. This is the error
I get in the mainlog:
2004-02-06 15:45:18 refused relay (host) to <gfasoli@???> from
<gianpaolo.fasoli@???> H=(gianpaolo) [1.55.212.142]
As you can see it is not an authentication problem. The thing is, I
don't understand why I'm getting this error message since Exim should
authorize authenticated users to relay mail.
Do you have any idea of what is wrong with my config or is their any
known issue of exim and the outlook client?
===============
OTHER INFO
===============
zim:/home/gf# dpkg -l | grep exim
rc exim 3.35-1woody2 An MTA (Mail Transport Agent)
ii exim-tls 3.35-3woody1 Exim Mailer - with TLS (SSL) support
zim:/home/gf# md5sum /usr/sbin/exim
ced67d6db5f9fa7e78b3f072e40af5a0 /usr/sbin/exim
zim:/home/gf# grep exim /etc/inetd.conf
smtp stream tcp nowait mail /usr/sbin/exim exim -bs
===============
===============
I've also attached my exim.conf file.
Thanks in advance.
--
Gianpaolo Fasoli
--
# This is the main exim configuration file.
# It was originally generated by `eximconfig', part of the exim package
# distributed with Debian, but it may edited by the mail system administrator.
# This file originally generated by eximconfig at Sat Nov 15 20:02:58 CET 2003
# See exim info section for details of the things that can be configured here.
# Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file.
# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
# Specify the domain you want to be added to all unqualified addresses
# here. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.
qualify_domain = zim
smtp_banner = ESMTP
# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.
# qualify_recipient =
# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not want
# to do any local deliveries, uncomment the following line, but do not supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.
local_domains = localhost:zim
# Allow mail addressed to our hostname, or to our IP address.
local_domains_include_host = true
local_domains_include_host_literals = true
# Domains we relay for; that is domains that aren't considered local but we
# accept mail for them.
#relay_domains =
# If this is uncommented, we accept and relay mail for all domains we are
# in the DNS as an MX for.
#relay_domains_include_local_mx = true
# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.
# However, you chose not to have such an alias, so this is commented out
#never_users = root
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.
##host_lookup = *
# The setting below would, if uncommented, cause Exim to check the syntax of
# all the headers that are supposed to contain email addresses (To:, From:,
# etc). This reduces the level of bounced bounces considerably.
# headers_check_syntax
# Exim contains support for the Realtime Blocking List (RBL), and the many
# similar services that are being maintained as part of the DNS. See
#
http://www.mail-abuse.org/ for background. The line below, if uncommented,
# will reject mail from hosts in the RBL, and add warning headers to mail
# from hosts in a list of dynamic-IP dialups. Note that MAPS may charge
# for this service.
#rbl_domains = rbl.mail-abuse.org/reject : dialups.mail-abuse.org/warn
#
http://www.rfc-ignorant.org is another interesting site with a number of
# services you can use with the rbl_domains option
# The setting below allows your host to be used as a mail relay only by
# localhost: it locks out the use of your host as a mail relay by any
# other host. See the section of the manual entitled "Control of relaying"
# for more info.
host_accept_relay = 127.0.0.1 : ::::1
# This setting allows anyone who has authenticated to use your host as a
# mail relay. To use this you will need to set up some authenticators at
# the end of the file
host_auth_accept_relay = *
# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%y@z (where z is one of your local domains) is locally rerouted to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part
# percent_hack_domains=*
# If this option is set, then any process that is running as one of the
# listed users may pass a message to Exim and specify the sender's
# address using the "-f" command line option, without Exim's adding a
# "Sender" header.
trusted_users = mail
# If this option is true, the SMTP command VRFY is supported on incoming
# SMTP connections; otherwise it is not.
smtp_verify = false
# Some operating systems use the "gecos" field in the system password file
# to hold other information in addition to users' real names. Exim looks up
# this field when it is creating "sender" and "from" headers. If these options
# are set, exim uses "gecos_pattern" to parse the gecos field, and then
# expands "gecos_name" as the user's name. $1 etc refer to sub-fields matched
# by the pattern.
gecos_pattern = ^([^,:]*)
gecos_name = $1
# This sets the maximum number of messages that will be accepted in one
# connection and immediately delivered. If one connection sends more
# messages than this, any further ones are accepted and queued but not
# delivered. The default is 10, which is probably enough for most purposes,
# but is too low on dialup SMTP systems, which often have many more mails
# queued for them when they connect.
smtp_accept_queue_per_connection = 100
# Send a mail to the postmaster when a message is frozen. There are many
# reasons this could happen; one is if exim cannot deliver a mail with no
# return address (normally a bounce) another that may be common on dialup
# systems is if a DNS lookup of a smarthost fails. Read the documentation
# for more details: you might like to look at the auto_thaw option
freeze_tell_mailmaster = true
# This string defines the contents of the \`Received' message header that
# is added to each message, except for the timestamp, which is automatically
# added on at the end, preceded by a semicolon. The string is expanded each
# time it is used.
received_header_text = "Received: \
${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
{${if def:sender_ident {from ${sender_ident} }}\
${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
by ${primary_hostname} \
${if def:received_protocol {with ${received_protocol}}} \
${if def:tls_cipher {(tls_cipher ${tls_cipher})}} \
${if def:tls_peerdn {(tls_peerdn ${tls_peerdn})}} \
id ${message_id}\
${if def:received_for {\n\tfor <$received_for>}}"
# Attempt to verify recipient address before receiving mail, so that mails
# to invalid addresses are rejected rather than accepted and then bounced.
# Apparently some spammers are abusing servers that accept and then bounce
# to send bounces containing their spam to people.
receiver_try_verify = true
# This would make exim advertise the 8BIT-MIME option. According to
# RFC1652, this means it will take an 8bit message, and ensure it gets
# delivered correctly. exim won't do this: it is entirely 8bit clean
# but won't do any conversion if the next hop isn't. Therefore, if you
# set this option you are asking exim to lie and not be RFC
# compliant. But some people want it.
#accept_8bitmime = true
# This will cause it to accept mail only from the local interface
#local_interfaces = 127.0.0.1
# If this next line is uncommented, any user can see the mail queue
# by using the mailq command or exim -bp.
#queue_list_requires_admin = false
#
tls_advertise_hosts=*
tls_log_cipher=true
tls_log_peerdn=true
tls_certificate = /etc/exim/cert
tls_privatekey = /etc/exim/key
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# This transport is used for local delivery to user mailboxes. On debian
# systems group mail is used so we can write to the /var/spool/mail
# directory. (The alternative, which most other unixes use, is to deliver
# as the user's own group, into a sticky-bitted directory)
local_delivery:
driver = appendfile
group = mail
mode = 0660
mode_fail_narrower = false
envelope_to_add = true
return_path_add = true
file = /var/spool/mail/${local_part}
# This transport is used for handling pipe addresses generated by
# alias or .forward files. If the pipe generates any standard output,
# it is returned to the sender of the message as a delivery error. Set
# return_fail_output instead if you want this to happen only when the
# pipe fails to complete normally.
address_pipe:
driver = pipe
path = /usr/bin:/bin:/usr/local/bin
return_output
# This transport is used for handling file addresses generated by alias
# or .forward files.
address_file:
driver = appendfile
envelope_to_add = true
return_path_add = true
# This transport is used for handling file addresses generated by alias
# or .forward files if the path ends in "/", which causes it to be treated
# as a directory name rather than a file name. Each message is then delivered
# to a unique file in the directory. If instead you want all such deliveries to
# be in the "maildir" format that is used by some other mail software,
# uncomment the final option below. If this is done, the directory specified
# in the .forward or alias file is the base maildir directory.
#
# Should you want to be able to specify either maildir or non-maildir
# directory-style deliveries, then you must set up yet another transport,
# called address_directory2. This is used if the path ends in "//" so should
# be the one used for maildir, as the double slash suggests another level
# of directory. In the absence of address_directory2, paths ending in //
# are passed to address_directory.
address_directory:
driver = appendfile
no_from_hack
prefix = ""
suffix = ""
# maildir_format
# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.
address_reply:
driver = autoreply
# This transport is used for procmail
procmail_pipe:
driver = pipe
command = "/usr/bin/procmail"
return_path_add
delivery_date_add
envelope_to_add
# check_string = "From "
# escape_string = ">From "
suffix = ""
# This transport is used for delivering messages over SMTP connections.
remote_smtp:
driver = smtp
# authenticate_hosts = smarthost.isp.com
remote_tlssmtp:
driver = smtp
hosts_require_tls=*
authenticate_hosts=*
#auth_over_tls_hosts = *
# To use SMTP AUTH when sending to a particular host, such as your ISP's
# smarthost, uncomment and edit the above line, and also the example
# client-side authenticators at the bottom of the file
headers_remove = X-Mailer:User-Agent:X-MimeOLE
#remove_headers = X-Mailer:User-Agent:X-MimeOLE
######################################################################
# DIRECTORS CONFIGURATION #
# Specifies how local addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A local address is passed to each in turn until it is accepted. #
######################################################################
# This allows local delivery to be forced, avoiding alias files and
# forwarding.
real_local:
prefix = real-
driver = localuser
transport = local_delivery
# This director handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary.
system_aliases:
driver = aliasfile
file_transport = address_file
pipe_transport = address_pipe
file = /etc/aliases
search_type = lsearch
# user = list
# Uncomment the above line if you are running smartlist
# This director handles forwarding using traditional .forward files.
# It also allows mail filtering when a forward file starts with the
# string "# Exim filter": to disable filtering, uncomment the "filter"
# option. The check_ancestor option means that if the forward file
# generates an address that is an ancestor of the current one, the
# current one gets passed on instead. This covers the case where A is
# aliased to B and B has a .forward file pointing to A.
# For standard debian setup of one group per user, it is acceptable---normal
# even---for .forward to be group writable. If you have everyone in one
# group, you should comment out the "modemask" line. Without it, the exim
# default of 022 will apply, which is probably what you want.
userforward:
driver = forwardfile
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify
check_ancestor
check_local_user
file = .forward
modemask = 002
filter
# This director runs procmail for users who have a .procmailrc file
procmail:
driver = localuser
transport = procmail_pipe
require_files = ${local_part}:+${home}:+${home}/.procmailrc:+/usr/bin/procmail
no_verify
# This director matches local user mailboxes.
localuser:
driver = localuser
transport = local_delivery
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how remote addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A remote address is passed to each in turn until it is accepted. #
######################################################################
# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.
# This router routes to remote hosts over SMTP using a DNS lookup with
# default options.
send_to_relay:
driver = domainlist
transport = remote_smtp
route_list = * relay.fastweb.it byname
lookuphost:
driver = lookuphost
transport = remote_smtp
# This router routes to remote hosts over SMTP by explicit IP address,
# given as a "domain literal" in the form [nnn.nnn.nnn.nnn]. The RFCs
# require this facility, which is why it is enabled by default in Exim.
# If you want to lock it out, set forbid_domain_literals in the main
# configuration section above.
literal:
driver = ipliteral
transport = remote_smtp
######################################################################
# RETRY CONFIGURATION #
######################################################################
# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 2 hours and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.
# Domain Error Retries
# ------ ----- -------
* * F,2h,15m; G,16h,2h,1.5; F,4d,8h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
# This rewriting rule is particularly useful for dialup users who
# don't have their own domain, but could be useful for anyone.
# It looks up the real address of all local users in a file
*@zim ${lookup{$1}lsearch{/etc/email-addresses}\
{$value}fail} frFs
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
# Look in the documentation (in package exim-doc or exim-doc-html for
# information on how to set up authenticated connections.
# The examples below are for server side authentication; they allow two
# styles of plain-text authentication against an /etc/exim/passwd file
# which should have user IDs in the first column and crypted passwords
# in the second.
#auth_over_tls_hosts = *
#fixed_plain:
# driver = plaintext
# public_name = PLAIN
# client_send = ^LOGIN^PASS
# plain:
# driver = plaintext
# public_name = PLAIN
# server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/exim/passwd}{$value}{*:*}}}}}{1}{0}}"
# server_set_id = $1
#
#login:
# driver = plaintext
# public_name = LOGIN
# server_prompts = "Username:: : Password::"
# server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/exim/passwd}{$value}{*:*}}}}}{1}{0}}"
fixed_plain:
driver = plaintext
public_name = PLAIN
server_condition = "${if and {{eq{$2}{ph10}}{eq{$3}{secret}}}{yes}{no}}"
server_set_id = $2
#fixed_login:
# driver = plaintext
# public_name = LOGIN
# server_condition = "${if and {{eq{$1}{ph10}}{eq{$2}{secret}}}{yes}{no}}"
# server_set_id = $1
# These examples below are the equivalent for client side authentication.
# They assume that you only use client side authentication to connect to
# one host (such as a smarthost at your ISP), or else use the same user
# name and password everywhere
# plain:
# driver = plaintext
# public_name = PLAIN
# client_send = "^username^password"
#
# login:
# driver = plaintext
# public_name = LOGIN
# client_send = ": username : password"
#
# cram_md5:
# driver = cram_md5
# public_name = CRAM-MD5
# client_name = username
# client_secret = password
# End of Exim configuration file
--