[Exim] troubles at client - relay authentication (rejected R…

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Jonas Meurer
Fecha:  
A: exim-users
Asunto: [Exim] troubles at client - relay authentication (rejected RCPT)
hello,
I've strange problems at using my workstation as client and another
server as relay, both running debians exim 4.3 packages.
I try to authenticate using smtp-auth and tls since my client has a
dynamic ip and so hostname based relaying rules don't work.

My client has this configured in smtp transport section:
remote_smtp:
driver = smtp
hosts_require_auth = DCsmarthost
hosts_require_tls = DCsmarthost
tls_certificate = CONFDIR/exim.crt
tls_privatekey = CONFDIR/exim.key

and in auth section it's configured to allow plaintext auth encrypted
only.

my relay has configured plaintext login and tls support, and has in acl
section:
accept authenticated = *

basicly, this configuration works nice, my client sends the mail to the
relay, using smtp-auth over tls, and the relay accepts. for example
clientlog:
2004-03-13 16:54:52 1B2BTQ-0000ia-1b <= jonas@??? U=jonas \
        P=local S=560
2004-03-13 16:54:54 1B2BTQ-0000ia-1b => mejo@??? R=smarthost \
        T=remote_smtp H=mail.kidns.de [62.75.128.97] \
        X=TLS-1.0:RSA_ARCFOUR_SHA:16 DN="/S=Hessen/L=Bad \
        Nauheim/O=Know-iT/OU=KICMS/CN=kicms.de"
2004-03-13 16:54:54 1B2BTQ-0000ia-1b Completed


mail.kidns.de is my mailserver, and the certification values are listed
correctly.

the relay logs:
mitted
2004-03-13 16:54:59 1B2BTX-0000NV-HR <= jonas@??? \
        H=pd9e9d521.dip0.t-ipconnect.de (nazgul.resivo.net) \
        [217.233.213.33] U=Debian-exim P=asmtp \
        X=TLS-1.0:RSA_ARCFOUR_SHA:16 \
        DN="/C=DE/S=Hessen/O=resivo.net/OU=resivo.net \
        mails/CN=mail.resivo.net" A=plain_server:jonas \
        S=813 id=E1B2BTQ-0000ia-1b@???
2004-03-13 16:55:15 1B2BTX-0000NV-HR => chpasswd@??? \
        R=dnslookup T=remote_smtp H=newsamosa.debian.org \
        [208.185.25.35]
2004-03-13 16:55:15 1B2BTX-0000NV-HR Completed



but another time, without any reason, and regardless of the recipient,
my client tries to connect unencrypted and this time the relay rejects
mail because of rcpt check.
clientlog:

2004-03-13 18:02:13 1B2CWb-0000ju-Mx <= jonas@??? U=jonas \
        P=local S=1381 id=20040313170210.GA2776@???
2004-03-13 18:02:16 1B2CWb-0000ju-Mx ** steinhauer@??? R=smarthost \
        T=remote_smtp: SMTP error from remote mailer after \
        RCPT TO:<steinhauer@???>: host mail.kidns.de \
        [62.75.128.97]: 550 relay not permitted
2004-03-13 18:02:17 1B2CWb-0000ju-Mx Completed


relaylog:
2004-03-13 18:02:23 H=pd9e9d521.dip0.t-ipconnect.de (nazgul.resivo.net) \
        [217.233.213.33] U=Debian-exim F=<jonas@???> \
        rejected RCPT <steinhauer@???>: relay not permitted


but the silliest about that is, that my client just after it has been
rejected, sends an error-mail to the sender, authenicating to the relay
with smtp-auth over tls, as i'd like to do it _everytime_.

does anybody have a glue why my client doesn't send _everything_
encrypted and authenticated but tries to deliver mail unauthenticated to
the relay sometimes, but not for any reliable reason?
i thought that hosts_require_{auth,tls} options set to DCsmarthost in
smtp_auth should guarantee the client to authenticate every time it
delivers mail to relay?

bye
jonas