Re: [exim] "503 AUTH command used when not advertised" probl…

Author: Fred Viles
Date:  
To: exim-users
Subject: Re: [exim] "503 AUTH command used when not advertised" problem
On 1 Sep 2004 at 11:55, Chad Leigh -- Shire.Net LLC wrote about
    "Re: [exim] "503 AUTH command used w":


| On Sep 1, 2004, at 12:38 AM, Peter Savitch wrote:
|
| > EHLO (not HELO) must be given by client before AUTH.


and after STARTTLS.

| > That is, AUTH command could not be used unless advertised (through
| > EHLO,
| > according to auth_advertise, etc). This behavior was hardened in Exim
| > 4.20 and is not an option.
| >
| > First, check your confs once again for correct advertising.
|
| It advertises it and the client does an EHLO but then the client tries
| a HELO so something is not working in the conversation or something.


A successful STARTTLS resets the session as if it were a new
connection (which it is, in a sense). The EHLO and response
that preceded the STARTTLS negotiation are not applicable any more.
After successful negotiation, the server returns a new welcome
banner and the client sends a fresh HELO/EHLO.

Your client is choosing to send HELO instead of EHLO. That is not in
exim's control.

| The client works fine when the TLS stuff is not running


Because it sends EHLO before STARTTLS.

| and it works
| fine using the same exim conf talking to another server I have with
| TLS.


What version of exim is running on that server? 4.10?

I see you're running 4.22 on the upgraded system. Peter already
mentioned that, prior to 4.20, exim would honor an AUTH request even
if it hadn't advertised it.

| It is related to my upgrade somehow, even though the exim
| installation was not touched in the upgrade.


Hmmm. Question your assumptions.

| Here is a complete debug run from the server side showing what is going
| on.


Indeed. Trimmed:

|...
| 4655 SMTP>> 220 mail.object.com ESMTP Exim 4.22 Wed, 01 Sep 2004 11:50:23 -0600
| 4655 SMTP<< EHLO [192.168.99.66]
| 4655 SMTP>> 250-mail.object.com Hello [192.168.99.66] [67.161.247.57]
| 4655 250-SIZE 52428800
| 4655 250-PIPELINING
| 4655 250-AUTH PLAIN LOGIN
| 4655 250-STARTTLS
| 4655 250 HELP
| 4655 SMTP<< STARTTLS
| 4655 SMTP>> 220 TLS go ahead


OK, fresh (encrypted) connection starts here:

| 4656 SMTP>> 220 mail.object.com ESMTP Exim 4.22 Wed, 01 Sep 2004 11:50:25 -0600
| 4656 SMTP<< HELO [192.168.99.66]
| 4656 SMTP>> 250 mail.object.com Hello [192.168.99.66] [67.161.247.57]
| 4656 SMTP<< AUTH PLAIN XXXXXXX-REDACTED-XXXXXXXX
| 4656 SMTP>> 503 AUTH command used when not advertised
| 4656 SMTP>> 421 mail.object.com lost input connection


Client doesn't send EHLO, so AUTH is not advertised, so client can't
use AUTH.

- Fred
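
Added example (not part of the original message and not Exim code): a small Python checker that replays a debug transcript in the format quoted above and flags any AUTH command sent when the current session state has no AUTH advertisement, treating an accepted STARTTLS as a reset. The function name `audit`, the host names and the sample transcript are constructed for illustration.

```python
import re

# Constructed sample modelled on the debug trace quoted in the message;
# host names and the credential are placeholders.
SAMPLE = """\
100 SMTP>> 220 mail.example.test ESMTP Exim
100 SMTP<< EHLO client.example.test
100 SMTP>> 250-mail.example.test Hello client.example.test
100 250-AUTH PLAIN LOGIN
100 250-STARTTLS
100 250 HELP
100 SMTP<< STARTTLS
100 SMTP>> 220 TLS go ahead
101 SMTP>> 220 mail.example.test ESMTP Exim
101 SMTP<< HELO client.example.test
101 SMTP>> 250 mail.example.test Hello client.example.test
101 SMTP<< AUTH PLAIN REDACTED
101 SMTP>> 503 AUTH command used when not advertised
"""

LINE = re.compile(r"^\s*\d+\s+(?:SMTP(<<|>>)\s+)?(.*)$")  # pid, optional direction, text
REPLY = re.compile(r"(\d{3})[- ](.*)")                    # reply code, rest of line

def audit(transcript):
    """Return (line_no, message) for each AUTH sent without a live advertisement."""
    findings, advertised, last_cmd, greeted = [], set(), None, False
    for no, raw in enumerate(transcript.splitlines(), 1):
        m = LINE.match(raw)
        if not m:
            continue
        direction, text = m.groups()
        if direction == "<<":                        # client command
            last_cmd = (text.split() or [""])[0].upper()
            if last_cmd in ("EHLO", "HELO"):
                advertised, greeted = set(), False   # new greeting replaces old state
            elif last_cmd == "AUTH" and "AUTH" not in advertised:
                findings.append((no, "AUTH used but not advertised"))
            continue
        reply = REPLY.match(text)                    # server reply or continuation line
        if not reply:
            continue
        code, rest = reply.group(1), reply.group(2)
        if last_cmd == "EHLO" and code == "250":
            if greeted and rest:                     # first 250 line is the greeting
                advertised.add(rest.split()[0].upper())
            greeted = True
        elif last_cmd == "STARTTLS" and code == "220":
            advertised, last_cmd = set(), None       # TLS start discards the earlier EHLO
    return findings
```

Run over `SAMPLE`, it reports the AUTH on line 12: the only advertisement was sent before STARTTLS, and the HELO that followed carries no extension list.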