On Sep 1, 2004, at 12:38 AM, Peter Savitch wrote:
> EHLO (not HELO) must be given by client before AUTH.
>
> That is, AUTH command could not be used unless advertised (through EHLO,
> according to auth_advertise, etc). This behavior was hardened in Exim
> 4.20 and is not an option.
>
> First, check your confs once again for correct advertising.

It advertises it and the client does an EHLO but then the client tries
a HELO so something is not working in the conversation or something.
The client works fine when the TLS stuff is not running and it works
fine using the same exim conf talking to another server I have with
TLS. It is related to my upgrade somehow, even though the exim
installation was not touched in the upgrade.
Here is a complete debug run from the server side showing what is going
on.
7333 Connection request from 67.161.247.57 port 57814
7333 1 SMTP accept process running
7333 Listening...
4655 sender_fullhost = [67.161.247.57]
4655 sender_rcvhost = [67.161.247.57]
4655 Process 4655 is handling incoming connection from [67.161.247.57]
4655 checking for IP options
4655 no IP options found
4655 host in host_lookup? no (option unset)
4655 set_process_info: 4655 handling incoming connection from
[67.161.247.57]
4655 host in host_reject_connection? no (option unset)
4655 host in sender_unqualified_hosts? no (option unset)
4655 host in recipient_unqualified_hosts? no (option unset)
4655 host in helo_verify_hosts? no (option unset)
4655 host in helo_try_verify_hosts? no (option unset)
4655 host in helo_accept_junk_hosts? no (option unset)
4655 SMTP>> 220 mail.object.com ESMTP Exim 4.22 Wed, 01 Sep 2004
11:50:23 -0600
4655 Process 4655 is ready for new message
4655 smtp_setup_msg entered
4655 SMTP<< EHLO [192.168.99.66]
4655 [192.168.99.66] in helo_lookup_domains? no (end of list)
4655 sender_fullhost = ([192.168.99.66]) [67.161.247.57]
4655 sender_rcvhost = [67.161.247.57] (helo=[192.168.99.66])
4655 set_process_info: 4655 handling incoming connection from
([192.168.99.66]) [67.161.247.57]
4655 host in pipelining_advertise_hosts? yes (matched "*")
4655 host in auth_advertise_hosts? yes (matched "*")
4655 host in tls_advertise_hosts? yes (matched "*")
4655 SMTP>> 250-mail.object.com Hello [192.168.99.66] [67.161.247.57]
4655 250-SIZE 52428800
4655 250-PIPELINING
4655 250-AUTH PLAIN LOGIN
4655 250-STARTTLS
4655 250 HELP
4655 SMTP<< STARTTLS
4655 tls_certificate file /usr/local/etc/exim_key_cert
4655 tls_privatekey file /usr/local/etc/exim_key_cert
4655 Initialized TLS
4655 host in tls_verify_hosts? no (option unset)
4655 host in tls_try_verify_hosts? no (option unset)
4655 SMTP>> 220 TLS go ahead
4655 Calling SSL_accept
4655 SSL_accept was successful
7333 child 4655 ended: status=0xb
7333 0 SMTP accept processes now running
7333 Listening...
7333 Connection request from 67.161.247.57 port 57817
7333 1 SMTP accept process running
7333 Listening...
4656 sender_fullhost = [67.161.247.57]
4656 sender_rcvhost = [67.161.247.57]
4656 Process 4656 is handling incoming connection from [67.161.247.57]
4656 checking for IP options
4656 no IP options found
4656 host in host_lookup? no (option unset)
4656 set_process_info: 4656 handling incoming connection from
[67.161.247.57]
4656 host in host_reject_connection? no (option unset)
4656 host in sender_unqualified_hosts? no (option unset)
4656 host in recipient_unqualified_hosts? no (option unset)
4656 host in helo_verify_hosts? no (option unset)
4656 host in helo_try_verify_hosts? no (option unset)
4656 host in helo_accept_junk_hosts? no (option unset)
4656 SMTP>> 220 mail.object.com ESMTP Exim 4.22 Wed, 01 Sep 2004
11:50:25 -0600
4656 Process 4656 is ready for new message
4656 smtp_setup_msg entered
4656 SMTP<< HELO [192.168.99.66]
4656 [192.168.99.66] in helo_lookup_domains? no (end of list)
4656 sender_fullhost = ([192.168.99.66]) [67.161.247.57]
4656 sender_rcvhost = [67.161.247.57] (helo=[192.168.99.66])
4656 set_process_info: 4656 handling incoming connection from
([192.168.99.66]) [67.161.247.57]
4656 SMTP>> 250 mail.object.com Hello [192.168.99.66] [67.161.247.57]
4656 SMTP<< AUTH PLAIN XXXXXXX-REDACTED-XXXXXXXX
4656 LOG: smtp_protocol_error MAIN
4656 SMTP protocol error in "AUTH PLAIN XXXXXXX-REDACTED-XXXXXXXX"
H=([192.168.99.66]) [67.161.247.57] AUTH command used when not
advertised
4656 SMTP>> 503 AUTH command used when not advertised
4656 SMTP>> 421 mail.object.com lost input connection
4656 LOG: smtp_connection MAIN
4656 SMTP connection from ([192.168.99.66]) [67.161.247.57] lost
4656 search_tidyup called
7333 child 4656 ended: status=0x100
7333 0 SMTP accept processes now running
7333 Listening...
>
> Second, if an Exim installation serves many broken clients, the patch
> attached could help. Otherwise, one must patch every client.
>
> =cut
> --- src/smtp_in.c.orig Mon May 12 17:39:22 2003
> +++ src/smtp_in.c Fri Jun 20 14:54:05 2003
> @@ -1776,12 +1776,6 @@
> authentication_failed = TRUE;
> cmd_list[CMD_LIST_AUTH].is_mail_cmd = FALSE;
>
> - if (!auth_advertised)
> - {
> - synprot_error(L_smtp_protocol_error, 503, NULL,
> - US"AUTH command used when not advertised");
> - break;
> - }
> if (sender_host_authenticated != NULL)
> {
> synprot_error(L_smtp_protocol_error, 503, NULL,
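Review bot: the first hunk deletes the `if (!auth_advertised)` block outright, so the 503 is gone for every client, including sessions that greeted with HELO and hosts that auth_advertise_hosts was configured not to offer AUTH to. Rather than removing the check, keep it as the default and skip it only for an explicitly listed set of known broken clients, so the advertising policy still governs everyone else.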
> @@ -1832,12 +1826,11 @@
> }
>
> /* Search for an authentication mechanism which is configured for
> use
> - as a server and which has been advertised. */
> + as a server */
>
> for (au = auths; au != NULL; au = au->next)
> {
> - if (strcmpic(s, au->public_name) == 0 && au->server &&
> - au->advertised) break;
> + if (strcmpic(s, au->public_name) == 0 && au->server) break;
> }
>
> if (au == NULL)
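Review bot: dropping `au->advertised` from the loop test in the second hunk lets any authenticator with `au->server` set be selected by name, including one that was not advertised on this connection; combined with the first hunk, nothing ties the accepted mechanisms to what the server offered. Keep `&& au->advertised` in the condition unless the client matches an explicit exception, and if the comment is reworded, keep its closing period ("as a server. */").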
> =cut
>
> -----Original Message-----
> From: exim-users-bounces@??? [mailto:exim-users-bounces@exim.org]
> On Behalf Of Chad Leigh -- Shire.Net LLC
> Sent: Wednesday, September 01, 2004 2:35 AM
> To: Exim User's Mailing List
> Subject: [exim] "503 AUTH command used when not advertised" problem
>
> Hi
>
> I have a (customer) Linux machine that was working before I "upgraded"
> the Linux from Mandrake 9 to gentoo 2004.2 last night. (The upgrade
> basically was to save away /usr/local some /var stuff some /etc stuff
> and then wipe / /usr /var and install fresh gentoo, put back the saved
> away stuff and run).
>
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> Exim details at http://www.exim.org/ ##
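
The failure pattern in the debug run above, as an added example that is not part of the original message or of Exim: a small parser that flags AUTH sent without a preceding advertisement and children the daemon reports as killed by a signal. The sample log is constructed, and reading `status=0x...` as a raw wait(2) status is an assumption.

```python
import re
# Constructed sample, abridged in the style of the Exim debug output above.
SAMPLE = """\
4655 SMTP<< EHLO [192.168.99.66]
4655 250-AUTH PLAIN LOGIN
4655 SMTP<< STARTTLS
4655 SSL_accept was successful
7333 child 4655 ended: status=0xb
4656 SMTP<< HELO [192.168.99.66]
4656 SMTP<< AUTH PLAIN XXXX
7333 child 4656 ended: status=0x100
"""

LINE = re.compile(r"^\s*(\d+)\s+(.*)$")            # "<pid> <text>"
CHILD = re.compile(r"child (\d+) ended: status=0x([0-9a-fA-F]+)")
AUTH_ADV = re.compile(r"(SMTP>> )?250[- ]AUTH\b")  # AUTH line of the EHLO reply

def decode_status(status):
    """Assumption: status is a raw wait(2) value -> (signal, exit_code)."""
    return status & 0x7F, (status >> 8) & 0xFF

def analyse(log):
    """Return [(pid, finding)] for unadvertised AUTH and signal-killed children."""
    sessions, findings = {}, []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation of the previous line
        pid, text = int(m.group(1)), m.group(2)
        ended = CHILD.search(text)
        if ended:
            child = int(ended.group(1))
            sig, _ = decode_status(int(ended.group(2), 16))
            if sig:
                stage = "after" if sessions.get(child, {}).get("tls") else "before"
                findings.append((child, f"killed by signal {sig} {stage} STARTTLS"))
            continue
        st = sessions.setdefault(pid, {"greeting": None, "adv": False, "tls": False})
        if text.startswith("SMTP<< "):
            verb = (text[7:].split() or [""])[0].upper()
            if verb in ("EHLO", "HELO"):
                st["greeting"], st["adv"] = verb, False
            elif verb == "STARTTLS":
                st["tls"], st["adv"] = True, False  # client must EHLO again
            elif verb == "AUTH" and not st["adv"]:
                findings.append((pid, f"AUTH not advertised (greeting={st['greeting']})"))
        elif AUTH_ADV.match(text):
            st["adv"] = True
    return findings
```

Calling `analyse()` on a saved debug run pairs each unadvertised AUTH with the greeting that preceded it and shows whether an earlier child for the same client died by signal around the TLS handshake.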