Hi,

I encountered a strange problem when using Outlook 2000 to send email
from outside the company to another external mail server through the
Exim mail server.

There is no problem with Mozilla, maybe because Mozilla is using CRAM-MD5.

The problem is that when Outlook tries to send email, it starts
authentication (as I configured Outlook to enter the user name and
password in the Outgoing Mail Server dialog box). But it doesn't seem to
go through the authenticator list; it failed at the ACLs instead, then
raised the error "relay not permitted.".

I have run out of many possibilities. I even tried to add certificate
support to Outlook 2000, but it does not work with SSL SMTP. Maybe I need
to further configure Exim to accept SSL SMTP auth, but I am not
interested in this solution because my client doesn't like this
additional certificate - not convenient. I have also tried to add an
extra authenticator (fixed_login with saslauthd), but that does not work
either. It seems that SMTP auth from Outlook 2000 does not know how to
auth with the cyrus-sasl2 authenticator, but again, I'm not sure how to
verify this.

To me, the SMTP auth failing at the ACLs is unexpected, because if it is
successful in the authenticator section, it won't go back to the ACLs
for the rest of the ACL checking.

Did the authenticator fail in this case?

The authenticator list has the following authenticators:

sasl_cram_md5:
  driver = cyrus_sasl
  public_name = CRAM-MD5
  server_set_id = $1

sasl_plain:
  driver = cyrus_sasl
  public_name = PLAIN
  server_set_id = $1

Yes, it is using cyrus-sasl2. And Exim 4.43 is compiled with cyrus-sasl
enabled.

My imapd.conf config file is as follows:

admins: cyrus
allowanonymouslogin: no
allowplainwithouttls: yes
allowplaintext: yes
altnamespace: no
autocreatequota: 10000
configdirectory: /var/db/imap
drachost: localhost
dracinterval: 0
duplicatesuppression: yes
lmtp_overquota_perm_failure: no
#lmtpsocket: /var/spool/postfix/public/lmtp
lmtpsocket: /var/spool/imap/public/lmtp
normalizeuid: yes
partition-default: /var/spool/imap
poptimeout: 10
quotawarn: 90
reject8bit: no
sasl_mech_list: plain login cram-md5 digest-md5
#sasl_mech_list: NTLM
#sasl_ntlm_server: mail.mydom.com
#sasl_pwcheck_method: saslauthd
sasl_pwcheck_method: auxprop
sievedir: /var/imap/sieve
timeout: 30

saslauthd is started as follows:

]# ps -auxww | grep sasl
root 673 0.0 0.2 3788 2116 ?? Is Sun11AM 0:00.01 /usr/local/sbin/saslauthd -a sasldb

The cyrus.conf file contains the following lines:

# standard standalone server implementation
START {
  # do not delete this entry!
  recover cmd="ctl_cyrusdb -r"
  # this is only necessary if using idled for IMAP IDLE
  # idled cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/socket
SERVICES {
  # add or remove based on preferences
  imap cmd="imapd" listen="imap" prefork=0
  imaps cmd="imapd -s" listen="imaps" prefork=0
  pop3 cmd="pop3d" listen="pop3" prefork=0
  pop3s cmd="pop3d -s" listen="pop3s" prefork=0
  sieve cmd="timsieved" listen="sieve" prefork=0
  # at least one LMTP is required for delivery
  #lmtp cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix cmd="lmtpd" listen="/var/spool/imap/public/lmtp" prefork=0
  # this is only necessary if using notifications
  # notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
  # this is required
  checkpoint cmd="ctl_cyrusdb -c" period=30
  # this is only necessary if using duplicate delivery suppression
  delprune cmd="ctl_deliver -E 3" period=1440
  # this is only necessary if caching TLS sessions
  tlsprune cmd="tls_prune" period=1440
}

Your help will be highly appreciated.
Thank you in advance,
Sam
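
Added example, not part of the message above and not Exim or Cyrus code: one way to check the point the poster says is hard to verify, by comparing the mechanisms the posted authenticators advertise with what a client offers. The EHLO reply, the host names and the per-client mechanism lists (LOGIN only for Outlook 2000 in particular) are assumptions made for illustration.

```python
import re

# Authenticators exactly as posted in the message above.
EXIM_AUTHENTICATORS = """\
sasl_cram_md5:
  driver = cyrus_sasl
  public_name = CRAM-MD5
  server_set_id = $1
sasl_plain:
  driver = cyrus_sasl
  public_name = PLAIN
  server_set_id = $1
"""

# Constructed EHLO reply (placeholder host names), shaped like what a
# server with only those two authenticators would send.
SAMPLE_EHLO = """\
250-mail.example.test Hello client.example.test [192.0.2.10]
250-PIPELINING
250-AUTH CRAM-MD5 PLAIN
250 HELP
"""

def configured_mechanisms(config_text):
    """public_name of every authenticator in an Exim authenticators block."""
    return [m.upper() for m in
            re.findall(r"^\s*public_name\s*=\s*(\S+)", config_text, re.M)]

def advertised_mechanisms(ehlo_reply):
    """Mechanisms listed on the AUTH line(s) of an EHLO reply."""
    mechs = []
    for m in re.finditer(r"^250[- ]AUTH[ =](.*)$", ehlo_reply, re.M | re.I):
        mechs.extend(tok.upper() for tok in m.group(1).split())
    return mechs

def diagnose(client, client_mechs, server_mechs):
    """Say whether a client can authenticate, or why it ends up at the ACL."""
    common = [m for m in client_mechs if m.upper() in server_mechs]
    if common:
        return f"{client}: can authenticate with {common[0]}"
    return (f"{client}: no shared mechanism; session stays unauthenticated "
            "and is judged by the relay ACL")

if __name__ == "__main__":
    server = advertised_mechanisms(SAMPLE_EHLO)
    print("configured:", configured_mechanisms(EXIM_AUTHENTICATORS))
    # Client mechanism lists below are assumptions, not taken from the post.
    print(diagnose("Mozilla", ["CRAM-MD5", "PLAIN"], server))
    print(diagnose("Outlook 2000", ["LOGIN"], server))
```

Against a live server, the EHLO text would come from a manual SMTP session to the submission port instead of the constructed sample.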