Hello,
I have strange problems using my workstation as a client and another
server as a relay, both running Debian's exim 4.3 packages.
I try to authenticate using smtp-auth and TLS, since my client has a
dynamic IP and so hostname-based relaying rules don't work.
My client has this configured in the smtp transport section:

    remote_smtp:
      driver = smtp
      hosts_require_auth = DCsmarthost
      hosts_require_tls = DCsmarthost
      tls_certificate = CONFDIR/exim.crt
      tls_privatekey = CONFDIR/exim.key

and in the auth section it's configured to allow plaintext auth only
when encrypted.
My relay has plaintext login and TLS support configured, and has in the
ACL section:

    accept authenticated = *

Basically, this configuration works nicely: my client sends the mail to
the relay, using smtp-auth over TLS, and the relay accepts. For example,
clientlog:

    2004-03-13 16:54:52 1B2BTQ-0000ia-1b <= jonas@??? U=jonas \
        P=local S=560
    2004-03-13 16:54:54 1B2BTQ-0000ia-1b => mejo@??? R=smarthost \
        T=remote_smtp H=mail.kidns.de [62.75.128.97] \
        X=TLS-1.0:RSA_ARCFOUR_SHA:16 DN="/S=Hessen/L=Bad \
        Nauheim/O=Know-iT/OU=KICMS/CN=kicms.de"
    2004-03-13 16:54:54 1B2BTQ-0000ia-1b Completed

mail.kidns.de is my mailserver, and the certification values are listed
correctly.
the relay logs:
mitted
    2004-03-13 16:54:59 1B2BTX-0000NV-HR <= jonas@??? \
        H=pd9e9d521.dip0.t-ipconnect.de (nazgul.resivo.net) \
        [217.233.213.33] U=Debian-exim P=asmtp \
        X=TLS-1.0:RSA_ARCFOUR_SHA:16 \
        DN="/C=DE/S=Hessen/O=resivo.net/OU=resivo.net \
        mails/CN=mail.resivo.net" A=plain_server:jonas \
        S=813 id=E1B2BTQ-0000ia-1b@???
    2004-03-13 16:55:15 1B2BTX-0000NV-HR => chpasswd@??? \
        R=dnslookup T=remote_smtp H=newsamosa.debian.org \
        [208.185.25.35]
    2004-03-13 16:55:15 1B2BTX-0000NV-HR Completed

But another time, without any reason, and regardless of the recipient,
my client tries to connect unencrypted and this time the relay rejects
the mail because of the rcpt check.
clientlog:

    2004-03-13 18:02:13 1B2CWb-0000ju-Mx <= jonas@??? U=jonas \
        P=local S=1381 id=20040313170210.GA2776@???
    2004-03-13 18:02:16 1B2CWb-0000ju-Mx ** steinhauer@??? R=smarthost \
        T=remote_smtp: SMTP error from remote mailer after \
        RCPT TO:<steinhauer@???>: host mail.kidns.de \
        [62.75.128.97]: 550 relay not permitted
    2004-03-13 18:02:17 1B2CWb-0000ju-Mx Completed

relaylog:

    2004-03-13 18:02:23 H=pd9e9d521.dip0.t-ipconnect.de (nazgul.resivo.net) \
        [217.233.213.33] U=Debian-exim F=<jonas@???> \
        rejected RCPT <steinhauer@???>: relay not permitted

But the silliest thing about that is that my client, just after it has
been rejected, sends an error mail to the sender, authenticating to the
relay with smtp-auth over TLS, as I'd like to do it _every time_.
Does anybody have a clue why my client doesn't send _everything_
encrypted and authenticated but tries to deliver mail unauthenticated to
the relay sometimes, but not for any reliable reason?
I thought that the hosts_require_{auth,tls} options set to DCsmarthost in
smtp_auth should guarantee that the client authenticates every time it
delivers mail to the relay?

Bye
jonas
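
A relay-side check for the symptom described in the message above, as an added example that is not part of the original post: it scans Exim main-log lines for arrivals and RCPT rejections from one client IP and reports which ones carry no X= (TLS) or A= (authenticator) field. The log lines, addresses and function names are constructed for illustration, and reading a missing X=/A= as "no TLS / no AUTH" assumes the relay's logging records those fields on the lines examined.

```python
import re

# Constructed sample relay log lines, modelled on the format quoted in the post;
# hosts and addresses are placeholders (RFC 5737 / example domains).
SAMPLE_LOG = """\
2004-03-13 16:54:59 1AAAAA-000001-AA <= user@example.org H=client.example.net (ws.example.org) [192.0.2.10] U=Debian-exim P=asmtp X=TLS-1.0:RSA_ARCFOUR_SHA:16 A=plain_server:user S=813
2004-03-13 18:02:23 H=client.example.net (ws.example.org) [192.0.2.10] U=Debian-exim F=<user@example.org> rejected RCPT <rcpt@example.com>: relay not permitted
2004-03-13 18:02:30 1AAAAB-000002-BB <= <> H=client.example.net (ws.example.org) [192.0.2.10] U=Debian-exim P=asmtp X=TLS-1.0:RSA_ARCFOUR_SHA:16 A=plain_server:user S=1900
"""

# Timestamp, optional message id (absent on connection-level rejections), rest.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?:(\w{6}-\w{6}-\w{2}) )?(.*)$")
# Space-delimited KEY=value log fields such as H=, P=, X=, A=.
FIELD = re.compile(r"(?<!\S)([A-Za-z]+)=(\S+)")


def audit(log_text, client_ip):
    """Return (timestamp, kind, tls, auth) per arrival or RCPT rejection from client_ip."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or f"[{client_ip}]" not in m.group(3):
            continue
        ts, _msg_id, rest = m.groups()
        if rest.startswith("<= "):
            kind = "arrival"
        elif " rejected RCPT " in rest:
            kind = "rejected"
        else:
            continue  # deliveries (=>), Completed, etc. are not inbound events
        fields = dict(FIELD.findall(rest))
        # Assumption: a missing X= / A= field means no TLS / no AUTH on that
        # connection; this holds only if the relay logs those fields.
        findings.append((ts, kind, fields.get("X"), fields.get("A")))
    return findings


def unprotected(findings):
    """Keep only the events that lack TLS or authentication."""
    return [f for f in findings if f[2] is None or f[3] is None]


if __name__ == "__main__":
    for ts, kind, tls, auth in audit(SAMPLE_LOG, "192.0.2.10"):
        print(ts, kind, "TLS=" + str(tls), "AUTH=" + str(auth))
```

Correlating the timestamps of the unprotected events with the client's own log shows which deliveries left without STARTTLS and AUTH.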