RE: [exim] Exim AUTH PLAIN LOGIN CRAM-MD5, what am I doing w…

Author: Farhad Shakeri
Date:
To: 'Mark McRitchie'
CC: exim-users
Subject: RE: [exim] Exim AUTH PLAIN LOGIN CRAM-MD5, what am I doing wrong here?


> -----Original Message-----
> From: Mark McRitchie [mailto:Mark.McRitchie@salamis.co.uk]
> Sent: Friday, December 24, 2004 02:19
> To: 'Farhad Shakeri'
> Cc: 'Exim-users'
> Subject: RE: [exim] Exim AUTH PLAIN LOGIN CRAM-MD5, what am I
> doing wrong here?
>
>
> Heya,
>
> > begin acl
> >    acl_check_auth:
> >         accept encrypted = *
> >        deny message = TLS encryption required

>
>
> > AUTH LOGIN AHNwaWF1dGgAc3BpNzY3c3RyZWFt
> > >>> using ACL "acl_check_auth"
> > >>> processing "accept"
> > >>> check encrypted = *
> > >>> accept: condition test failed
> > >>> processing "deny"
> > >>> deny: condition test succeeded
> > 503 TLS encryption required
> > LOG: H=localhost (DMZ) [127.0.0.1] rejected AUTH LOGIN
> > AHNwaWF1dGgAc3BpNzY3c3RyZWFt: TLS encryption required accept:
> > condition test
> > failed
>
> It's failing here because you have an ACL for checking your
> authentication that requires you to have an encrypted
> connection, which you're not setting up as part of your debug.
>
> HTH,
>
> Mark.


Thanks, yes indeed that was the issue. By disabling TLS my
authenticators worked great as suggested by other users too.

Now the question is why my TLS is failing.

My Exim seems to be compiled correctly, running on RH9 or RH ES3:

Exim version 4.43 uid=8 gid=12 pid=24388 D=fbb95cfd
Berkeley DB: Sleepycat Software: Berkeley DB 4.1.25: (August 21, 2003)
Support for: iconv() PAM TCPwrappers OpenSSL
Lookups: lsearch wildlsearch nwildlsearch iplsearch dbm dbmnz
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile autoreply lmtp pipe smtp
configuration file is /usr/exim/configure

My config file has the typical TLS settings:

tls_certificate = /usr/exim/cert
tls_privatekey = /usr/exim/key
tls_advertise_hosts = ${if eq{$received_protocol}{local-esmtp}{}{*}}

auth_advertise_hosts = *
queue_list_requires_admin = false

...

acl_check_auth:
  accept  encrypted = *
  deny    message   = TLS encryption required



My main log file does show on each connection: P=esmtps
X=TLSv1:AES256-SHA:256

But when I run exim with -d and enable my Outlook port 25 SSL,
the connection closes abruptly:


24749 Listening...
24749 Connection request from 1.2.3.4 port 3414
24749 search_tidyup called
24755 host in rfc1413_hosts? yes (matched "*")
24755 doing ident callback
24749 1 SMTP accept process running
24749 Listening...
24755 ident connection to 1.2.3.4 failed: Connection timed out
24755 sender_fullhost = [1.2.3.4]
24755 sender_rcvhost = [1.2.3.4]
24755 Process 24755 is handling incoming connection from [1.2.3.4]
24755 checking for IP options
24755 no IP options found
24755 host in host_lookup? yes (matched "*")
24755 looking up host name for 1.2.3.4
24755 DNS lookup of 243.25.101.216.in-addr.arpa (PTR) succeeded
24755 IP address lookup yielded client-hostname
24755 gethostbyname looked up these IP addresses:
24755 name=client-hostname address=1.2.3.4
24755 checking addresses for client-hostname
24755 1.2.3.4 OK
24755 sender_fullhost = client-hostname [1.2.3.4]
24755 sender_rcvhost = client-hostname ([1.2.3.4])
24755 set_process_info: 24755 handling incoming connection from
client-hostname [1.2.3.4]
24755 host in host_reject_connection? no (option unset)
24755 host in sender_unqualified_hosts? no (option unset)
24755 host in recipient_unqualified_hosts? no (option unset)
24755 host in helo_verify_hosts? no (option unset)
24755 host in helo_try_verify_hosts? no (option unset)
24755 host in helo_accept_junk_hosts? no (end of list)
24755 SMTP>> 220 dmz.spi.local ESMTP Exim 4.43 Fri, 24 Dec 2004 17:38:49
-0800
24755 Process 24755 is ready for new message
24755 smtp_setup_msg entered
24755 SMTP<< EHLO PERSIA
24755 sender_fullhost = client-hostname (PERSIA) [1.2.3.4]
24755 sender_rcvhost = client-hostname ([1.2.3.4] helo=PERSIA)
24755 set_process_info: 24755 handling incoming connection from
client-hostname (PERSIA) [1.2.3.4]
24755 host in pipelining_advertise_hosts? yes (matched "*")
24755 host in auth_advertise_hosts? no (end of list)
24755 host in tls_advertise_hosts? yes (matched "*")
24755 SMTP>> 250-dmz.spi.local Hello client-hostname [1.2.3.4]
24755 250-SIZE 52428800
24755 250-PIPELINING
24755 250-STARTTLS
24755 250 HELP
24755 SMTP<< QUIT
24755 SMTP>> 221 dmz.spi.local closing connection
24755 LOG: smtp_connection MAIN
24755 SMTP connection from client-hostname (PERSIA) [1.2.3.4] closed by
QUIT
24755 search_tidyup called
24749 child 24755 ended: status=0x0
24749 0 SMTP accept processes now running
24749 Listening...
24749 Connection request from 1.2.3.4 port 3416
24749 search_tidyup called
24757 host in rfc1413_hosts? yes (matched "*")
24757 doing ident callback
24749 1 SMTP accept process running
24749 Listening...



Thanks in advance

Farhad
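
Added example (not part of the original message and not Exim code): a small Python reader for an "exim -d" trace like the one above. It groups debug lines by process id and reports which EHLO keywords the server advertised and whether the client ever sent STARTTLS or AUTH. The names summarize, PID_LINE and EHLO_KEYWORD and the verdict strings are assumptions of this example; SAMPLE is abridged from the trace in the message.

```python
import re

# Abridged from the exim -d trace in the message above (one SMTP session).
SAMPLE = """\
24755 SMTP>> 220 dmz.spi.local ESMTP Exim 4.43 Fri, 24 Dec 2004 17:38:49
-0800
24755 SMTP<< EHLO PERSIA
24755 host in auth_advertise_hosts? no (end of list)
24755 host in tls_advertise_hosts? yes (matched "*")
24755 SMTP>> 250-dmz.spi.local Hello client-hostname [1.2.3.4]
24755 250-SIZE 52428800
24755 250-PIPELINING
24755 250-STARTTLS
24755 250 HELP
24755 SMTP<< QUIT
24755 SMTP>> 221 dmz.spi.local closing connection
"""

PID_LINE = re.compile(r"^(\d+) (.*)$")
# In this trace only the first line of a multi-line reply carries "SMTP>>";
# the EHLO keywords follow on bare "250-KEYWORD" / "250 KEYWORD" lines.
EHLO_KEYWORD = re.compile(r"^250[- ]([A-Z0-9-]+)")

def summarize(debug_text):
    """Group a debug trace by process id and classify each SMTP session."""
    sessions = {}
    for raw in debug_text.splitlines():
        m = PID_LINE.match(raw)
        if not m:
            continue  # wrapped tail of the previous debug line
        pid, rest = m.groups()
        s = sessions.setdefault(pid, {"advertised": set(), "commands": []})
        if rest.startswith("SMTP<< "):
            words = rest[len("SMTP<< "):].split()
            if words:
                s["commands"].append(words[0].upper())
        elif (kw := EHLO_KEYWORD.match(rest)):
            s["advertised"].add(kw.group(1))
    for s in sessions.values():
        cmds, adv = s["commands"], s["advertised"]
        if "STARTTLS" in cmds:
            s["verdict"] = "client requested STARTTLS"
        elif "AUTH" in cmds:
            s["verdict"] = "AUTH sent without STARTTLS"
        elif "STARTTLS" in adv and "AUTH" not in adv:
            s["verdict"] = "STARTTLS offered, AUTH not offered, no STARTTLS sent"
        else:
            s["verdict"] = "no TLS or AUTH activity"
    return sessions
```

Run over the full trace, this gives one entry per child process, so a session that ends in QUIT right after EHLO stands out from one where the ACL rejected a cleartext AUTH.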



