Hi,
this is Debian issue #244724, which I currently consider a request for
clarification.
----- Forwarded message from Andre Heynatz <vetasana@???> -----
> I tried to configure exim4 for my ISP's mail account, 1&1. The hostname
> given by 1&1:
>
> auth.mail.onlinehome.de
>
> I created a passwd.client file with the following content:
>
> auth.mail.onlinehome.de:myusername:mypassword
>
> and changed other settings as described in
> /usr/share/doc/exim4-base/README.SMTP-AUTH.
>
>
> It does not work, the Exim4 log file tells the following:
>
>
> me@??? R=smarthost T=remote_smtp: SMTP error from remote mailer
> after MAIL FROM:<> SIZE=2357:
> host authmailonline.kundenserver.de [212.227.15.180]: 530 Authentication
> required
>
>
> After debugging the SMTP session, I found out that exim4 does not use the
> dc_smarthost value 'auth.mail.onlinehome.de' as lookup key for
> /etc/exim4/passwd.client, instead it does a DNS lookup:
>
>
> $ host auth.mail.onlinehome.de
> auth.mail.onlinehome.de is an alias for authmailonline.kundenserver.de.
> authmailonline.kundenserver.de has address 212.227.15.180
> authmailonline.kundenserver.de has address 212.227.15.132
> authmailonline.kundenserver.de has address 212.227.15.148
> authmailonline.kundenserver.de has address 212.227.15.164
>
>
> $ dig auth.mail.onlinehome.de
> ...
> ;; ANSWER SECTION:
> auth.mail.onlinehome.de. 1675 IN CNAME
> authmailonline.kundenserver.de.
> authmailonline.kundenserver.de. 808 IN A 212.227.15.164
> authmailonline.kundenserver.de. 808 IN A 212.227.15.180
> authmailonline.kundenserver.de. 808 IN A 212.227.15.132
> authmailonline.kundenserver.de. 808 IN A 212.227.15.148
> ...
>
>
> authmailonline.kundenserver.de is used as the key, and this key is not
> found. So the authentication fails, and the mail is frozen. In config
> files, the original hostname should be used for lookup.
>
>
> I do not know in which way exim4 does react if the ISP changes the DNS
> alias which they are free to do.
----- End forwarded message -----
Looks like exim does a double reverse lookup on the target host name,
and then uses the name obtained from that reverse lookup to obtain
user name and password to authenticate with. I do actually find this
unproductive in today's world where service providers frequently have
service CNAMEs pointing to different machines to be able to re-route
client requests for maintenance and repair. With exim doing that
double reverse lookup, an ISP re-pointing its service CNAMEs will
probably break exim clients authenticating.
Is there a reason that exim does it this way that I have missed?
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
