I've finally upgraded to exim4, and now I'd like to improve my SMTP AUTH
setup. I'm assuming that with version 4 I can do something a little better
than the single hard-wired user/passwd combination that I've used until now.
I've set up the configuration exactly as recommended in the config file.
I've created file /etc/exim4/passwd with entry:
naz:0$1$OONCCgw2$MZK5pk7/IvV6Unv.Log8g.
where the password string is a copy-and-paste from /etc/shadow.
I then mimencode it:
= echo -e -n 'naz\0$1$OONCCgw2$MZK5pk7/IvV6Unv.Log8g.' | mimencode
bmF6ACQxJE9PTkNDZ3cyJE1aSzVwazcvSXZWNlVudi5Mb2c4Zy4=
Then I test it with:
# exim4 -d+auth -bh 1.2.3.4
Exim version 4.34 uid=0 gid=0 pid=1541 D=fbb95cfd
Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (May 26, 2004)
Support for: iconv() IPv6 GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch
nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
changed uid/gid: forcing real = effective
uid=0 gid=0 pid=1541
auxiliary group list: <none>
configuration file is /var/lib/exim4/config.autogenerated
log selectors = 00000ffc 00010400
trusted user
admin user
changed uid/gid: privilege not needed
uid=109 gid=109 pid=1541
auxiliary group list: <none>
user name "root" extracted from gecos field "root"
originator: uid=0 gid=0 login=root name=root
sender address = root@mail
sender_fullhost = [1.2.3.4]
sender_rcvhost = [1.2.3.4]
**** SMTP testing session as if from host 1.2.3.4
**** but without any ident (RFC 1413) callback.
**** This is not for real!
LOG: smtp_connection MAIN
SMTP connection from [1.2.3.4]
host in host_lookup? yes (matched "*")
looking up host name for 1.2.3.4
DNS lookup of 4.3.2.1.in-addr.arpa (PTR) gave HOST_NOT_FOUND
returning DNS_NOMATCH
IP address lookup using gethostbyaddr()
IP address lookup failed: h_errno=1
LOG: host_lookup_failed MAIN
no host name found for IP address 1.2.3.4
sender_fullhost = [1.2.3.4]
sender_rcvhost = [1.2.3.4]
set_process_info: 1541 handling incoming connection from [1.2.3.4]
host in host_reject_connection? no (option unset)
host in sender_unqualified_hosts? no (option unset)
host in recipient_unqualified_hosts? no (option unset)
host in helo_verify_hosts? no (option unset)
host in helo_try_verify_hosts? no (option unset)
host in helo_accept_junk_hosts? no (option unset)
SMTP>> 220 phaedrus.azadian.ch ESMTP Exim 4.34 Tue, 25 Jan 2005 23:48:07 +0100
220 phaedrus.azadian.ch ESMTP Exim 4.34 Tue, 25 Jan 2005 23:48:07 +0100
smtp_setup_msg entered
ehlo azadian.ch
SMTP<< ehlo azadian.ch
azadian.ch in helo_lookup_domains? no (end of list)
sender_fullhost = (azadian.ch) [1.2.3.4]
sender_rcvhost = [1.2.3.4] (helo=azadian.ch)
set_process_info: 1541 handling incoming connection from (azadian.ch)
[1.2.3.4]
host in pipelining_advertise_hosts? yes (matched "*")
host in auth_advertise_hosts? yes (matched "*")
host in tls_advertise_hosts? no (option unset)
250-phaedrus.azadian.ch Hello azadian.ch [1.2.3.4]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
SMTP>> 250-phaedrus.azadian.ch Hello azadian.ch [1.2.3.4]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
auth login bmF6ACQxJE9PTkNDZ3cyJE1aSzVwazcvSXZWNlVudi5Mb2c4Zy4=
SMTP<< auth login bmF6ACQxJE9PTkNDZ3cyJE1aSzVwazcvSXZWNlVudi5Mb2c4Zy4=
search_open: lsearch "/etc/exim4/passwd"
search_find: file="/etc/exim4/passwd"
key="naz" partial=-1 affix=NULL starflags=0
LRU list:
:/etc/exim4/passwd
End
internal_search_find: file="/etc/exim4/passwd"
type=lsearch key="naz"
file lookup required for naz
in /etc/exim4/passwd
lookup yielded: $1$OONCCgw2$MZK5pk7/IvV6Unv.Log8g.
crypteq: using crypt()
subject=$1$OONCCgw2$qzO3TCnj30oEtdk9t4Zn/0
crypted=$1$OONCCgw2$MZK5pk7/IvV6Unv.Log8g.
login_server authenticator:
$1 = naz
$2 = $1$OONCCgw2$MZK5pk7/IvV6Unv.Log8g.
expanded string: 0
SMTP>> 535 Incorrect authentication data
535 Incorrect authentication data
LOG: MAIN REJECT
login_server authenticator failed for (azadian.ch) [1.2.3.4]: 535
Incorrect authentication data (set_id=naz)
Can anybody clue me in as to what I'm doing wrong here? The only thing I
can think of is the GNU EXTENSION mentioned in crypt(3) manpage for my
Debian Linux system. With the GNU EXTENSION the crypt output is 34
characters instead of 13.
Thanks in advance for any help you can provide.
NHA
--
Norman H. Azadian Mauto Systeme GmbH
naz@??? Wallisellerstrasse 155
http://www.mauto.com/ CH-8152 Opfikon
tel: +41 31 721 7855 fax: 55 898 55 Switzerland
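Added example, not part of the original message and not Exim's own code: a Python sketch of the comparison recorded by the "crypteq: using crypt()" lines in the debug trace above, run on the values copied from the post. The function names md5_crypt, crypteq and split_auth_blob are illustrative assumptions, and the "$1$" (MD5-crypt) scheme is written out with hashlib so the block runs offline.

```python
import base64
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def md5_crypt(secret: bytes, salt: bytes) -> str:
    """MD5-based crypt(3) ("$1$" scheme), using hashlib only."""
    salt = salt[:8]
    alt = hashlib.md5(secret + salt + secret).digest()
    ctx = hashlib.md5(secret + b"$1$" + salt)
    for off in range(0, len(secret), 16):
        ctx.update(alt[:min(16, len(secret) - off)])
    n = len(secret)
    while n:  # one byte per bit of the secret's length
        ctx.update(b"\0" if n & 1 else secret[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):  # fixed stretching rounds
        c = hashlib.md5(secret if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(secret)
        c.update(final if i & 1 else secret)
        final = c.digest()
    out = ""
    for a, b, d in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = final[a] << 16 | final[b] << 8 | final[d]
        out += "".join(ITOA64[v >> s & 0x3F] for s in (0, 6, 12, 18))
    out += ITOA64[final[11] & 0x3F] + ITOA64[final[11] >> 6]
    return "$1$" + salt.decode() + "$" + out

def crypteq(supplied: bytes, stored: str) -> bool:
    """Hash what the client sent with the stored salt, then compare."""
    salt = stored.split("$")[2].encode()
    return hmac.compare_digest(md5_crypt(supplied, salt), stored)

def split_auth_blob(b64: str) -> list:
    """Decode a base64 AUTH response and split it on NUL bytes."""
    return base64.b64decode(b64).split(b"\0")

# Values copied from the post above.
STORED = "$1$OONCCgw2$MZK5pk7/IvV6Unv.Log8g."
BLOB = "bmF6ACQxJE9PTkNDZ3cyJE1aSzVwazcvSXZWNlVudi5Mb2c4Zy4="

if __name__ == "__main__":
    user, secret = split_auth_blob(BLOB)
    print("user:", user.decode(), "secret sent:", secret.decode())
    print("subject:", md5_crypt(secret, b"OONCCgw2"), "match:", crypteq(secret, STORED))
```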