Re: [exim] authenticate * not work

Top Page
Delete this message
Reply to this message
Author: G W
Date:  
To: Dave Lugo
CC: exim-users
Subject: Re: [exim] authenticate * not work
Thanks for you guys

> Run exim with the '-d' switch (debug mode), reproduce the problem,
> and then post the debug output. That's what I did when I was having
> authenticate issues (and the debug output was *very* helpful).



it's a bit long. hope you don't mind.
my acl seems repeat itself, i wonder why??

>>>>>>>>>>>>>>>> Exim pid=31679 terminating with rc=0 >>>>>>>>>>>>>>>>

Connection request from 219.76.52.214 port 1378
search_tidyup called
1 SMTP accept process running
Listening...
host in rfc1413_hosts? yes (matched "*")
doing ident callback
ident connection to 219.76.52.214 failed: Connection timed out
sender_fullhost = [219.76.52.214]
sender_rcvhost = [219.76.52.214]
Process is handling incoming connection from [219.76.52.214]
host in host_lookup? yes (matched "*")
looking up host name for 219.76.52.214
DNS lookup of 214.52.76.219.in-addr.arpa (PTR) succeeded
IP address lookup yielded yckun202214.netvigator.com
gethostbyname2(af=inet6) returned 4 (NO_DATA)
gethostbyname2 looked up these IP addresses:
name=yckun202214.netvigator.com address=219.76.52.214
checking addresses for yckun202214.netvigator.com
219.76.52.214 OK
sender_fullhost = yckun202214.netvigator.com [219.76.52.214]
sender_rcvhost = yckun202214.netvigator.com ([219.76.52.214])
set_process_info: handling incoming connection from
yckun202214.netvigator.com [219.76.52.214]
host in host_reject_connection? no (option unset)
host in sender_unqualified_hosts? no (option unset)
host in recipient_unqualified_hosts? no (option unset)
host in helo_verify_hosts? no (option unset)
host in helo_try_verify_hosts? no (option unset)
host in helo_accept_junk_hosts? no (option unset)
SMTP>> 220 mail3.techsoft.com.hk ESMTP Exim 4.50 Thu, 19 May 2005 12:13:27 +0800

Process is ready for new message
smtp_setup_msg entered
SMTP<< EHLO p4p800x
sender_fullhost = yckun202214.netvigator.com (p4p800x) [219.76.52.214]
sender_rcvhost = yckun202214.netvigator.com ([219.76.52.214] helo=p4p800x)
set_process_info: handling incoming connection from
yckun202214.netvigator.com (p4p800x) [219.76.52.214]
host in pipelining_advertise_hosts? yes (matched "*")
host in auth_advertise_hosts? yes (matched "*")
host in tls_advertise_hosts? no (option unset)
SMTP>> 250-mail3.techsoft.com.hk Hello yckun202214.netvigator.com

[219.76.52.214]
250-SIZE 5242880
250-PIPELINING
250-AUTH PLAIN CRAM-MD5
250 HELP
SMTP<< MAIL FROM: <gilbert@???>
SMTP>> 250 OK

SMTP<< RCPT TO: <gilbert.debian@???>
using ACL "acl_check_rcpt"
processing "accept"
check hosts = :
host in ":"? no (end of list)
accept: condition test failed
processing "warn"
check hosts = +relay_from_hosts
host in "127.0.0.1 : 219.130.0.0/16 : 218.16.0.0/16 : 219.132.0.0/16 :
59.36.0.0/16 : 219.76.37.0/24 : 218.103.0.0/16 : ::::1 :"? no (end of
list)
host in "+relay_from_hosts"? no (end of list)
warn: condition test failed
processing "deny"
check domains = +local_domains
search_open: mysql "NULL"
search_find: file="NULL"
key="SELECT DISTINCT domain FROM mail_domains WHERE
domain='gmail.com'" partial=-1 affix=NULL starflags=0
LRU list:
internal_search_find: file="NULL"
type=mysql key="SELECT DISTINCT domain FROM mail_domains WHERE
domain='gmail.com'"
database lookup required for SELECT DISTINCT domain FROM mail_domains
WHERE domain='gmail.com'
MYSQL query: SELECT DISTINCT domain FROM mail_domains WHERE domain='gmail.com'
MYSQL new connection: host=localhost port=0 socket=NULL database=admin
user=vhost_admin
MYSQL: no data found
lookup failed
gmail.com in "@:mysql;SELECT DISTINCT domain FROM mail_domains WHERE
domain='gmail.com'"? no (end of list)
gmail.com in "+local_domains"? no (end of list)
deny: condition test failed
processing "deny"
check domains = !+local_domains
search_open: mysql "NULL"
cached open
search_find: file="NULL"
key="SELECT DISTINCT domain FROM mail_domains WHERE
domain='gmail.com'" partial=-1 affix=NULL starflags=0
LRU list:
internal_search_find: file="NULL"
type=mysql key="SELECT DISTINCT domain FROM mail_domains WHERE
domain='gmail.com'"
cached data used for lookup of SELECT DISTINCT domain FROM
mail_domains WHERE domain='gmail.com'
lookup failed
gmail.com in "@:mysql;SELECT DISTINCT domain FROM mail_domains WHERE
domain='gmail.com'"? no (end of list)
gmail.com in "!+local_domains"? yes (end of list)
check local_parts = ^[./|] : ^.*[@%!\'`#&?] : ^.*/\\.\\./
gilbert.debian in "^[./|] : ^.*[@%!'`#&?] : ^.*/\.\./"? no (end of list)
deny: condition test failed
processing "accept"
check local_parts = postmaster
gilbert.debian in "postmaster"? no (end of list)
accept: condition test failed
processing "deny"
check !acl = acl_whitelist_local_deny
using ACL "acl_whitelist_local_deny"
processing "accept"
check hosts = ${if
exists{/etc/exim4/local_host_whitelist}{/etc/exim4/local_host_whitelist}{}}
host in ""? no (end of list)
accept: condition test failed
processing "accept"
check senders = ${if
exists{/etc/exim4/local_sender_whitelist}{/etc/exim4/local_sender_whitelist}{}}
gilbert@??? in ""? no (end of list)
accept: condition test failed
end of ACL "acl_whitelist_local_deny": implicit DENY
check senders = ${if
exists{/etc/exim4/local_sender_blacklist}{/etc/exim4/local_sender_blacklist}{}}
gilbert@??? in ""? no (end of list)
deny: condition test failed
processing "deny"
check !acl = acl_whitelist_local_deny
using ACL "acl_whitelist_local_deny"
processing "accept"
check hosts = ${if
exists{/etc/exim4/local_host_whitelist}{/etc/exim4/local_host_whitelist}{}}
host in ""? no (end of list)
accept: condition test failed
processing "accept"
check senders = ${if
exists{/etc/exim4/local_sender_whitelist}{/etc/exim4/local_sender_whitelist}{}}
gilbert@??? in ""? no (end of list)
accept: condition test failed
end of ACL "acl_whitelist_local_deny": implicit DENY
check hosts = ${if
exists{/etc/exim4/local_host_blacklist}{/etc/exim4/local_host_blacklist}{}}
host in ""? no (end of list)
deny: condition test failed
processing "accept"
check domains = +local_domains
search_open: mysql "NULL"
cached open
search_find: file="NULL"
key="SELECT DISTINCT domain FROM mail_domains WHERE
domain='gmail.com'" partial=-1 affix=NULL starflags=0
LRU list:
internal_search_find: file="NULL"
type=mysql key="SELECT DISTINCT domain FROM mail_domains WHERE
domain='gmail.com'"
cached data used for lookup of SELECT DISTINCT domain FROM
mail_domains WHERE domain='gmail.com'
lookup failed
gmail.com in "@:mysql;SELECT DISTINCT domain FROM mail_domains WHERE
domain='gmail.com'"? no (end of list)
gmail.com in "+local_domains"? no (end of list)
accept: condition test failed
processing "accept"
check domains = +relay_to_domains
search_open: mysql "NULL"
cached open
search_find: file="NULL"
key="SELECT domain FROM mail_relay WHERE domain='gmail.com'"
partial=-1 affix=NULL starflags=0
LRU list:
internal_search_find: file="NULL"
type=mysql key="SELECT domain FROM mail_relay WHERE domain='gmail.com'"
database lookup required for SELECT domain FROM mail_relay WHERE
domain='gmail.com'
MYSQL query: SELECT domain FROM mail_relay WHERE domain='gmail.com'
MYSQL using cached connection for localhost/admin/vhost_admin
MYSQL: no data found
lookup failed
gmail.com in "mysql;SELECT domain FROM mail_relay WHERE
domain='gmail.com'"? no (end of list)
gmail.com in "+relay_to_domains"? no (end of list)
accept: condition test failed
processing "accept"
check hosts = +relay_from_hosts
cached no match for +relay_from_hosts
cached lookup data = NULL
host in "+relay_from_hosts"? no (end of list)
accept: condition test failed
processing "accept"
check authenticated = *
accept: condition test failed
processing "deny"
deny: condition test succeeded
SMTP>> 550 relay not permitted

LOG: MAIN REJECT
H=yckun202214.netvigator.com (p4p800x) [219.76.52.214]
F=<gilbert@???> rejected RCPT
<gilbert.debian@???>: relay not permitted
SMTP<< QUIT
SMTP>> 221 mail3.techsoft.com.hk closing connection

LOG: smtp_connection MAIN
SMTP connection from yckun202214.netvigator.com (p4p800x)
[219.76.52.214] closed by QUIT
search_tidyup called

> BZZZZZT! Not a Cisco firewall with SMTP fixup running? That will get
> in the way. It's very broken. Turn it off.


from the result above, how do i know that Cisco SMTP fixup is running?
actually, there're 3 mail servers behind this firewall (Sendmail,
qmail, and EXIM), the 1st 2 both are able to authenticate clients
before relaying.

Dunno if EXIM implements the same EHLO mechanism as the other 2??

FYI, i want to migrate both sendmail & qmail to Exim.

> Then get a large iron bar and visit your cisco admin. Keep hitting him
> until he takes off the smtp fixup. If he dies first use the iron bar on
> the firewall.
> It must be close on 20 years that cisco have been making ESMTP unusable.

Ha.
unfortunately, the "cisco admin" is not nearby. i have to make sure
it's caused by "his" firewall before i ask him to take a look.

he's a little bit nervous when someone blames it on the firewall set
by him ( -_-")



so what can i do ???