On Wed, 31 Aug 2005, ji wrote:
>
> But how does Exim decide which authentication entry should be used? Where
> is the connection between the transport entry and the authentication
> entry? What if I have more than 1 smarthost?

Unfortunately this is one of the weak points of Exim's authentication
system. There are three ways you can alter client authentication
dependent on the server:

(1) Have one authenticator for each SASL mechanism, and use string
expansions in the authenticators' client settings to control which
credentials are selected for each server.

(2) Have multiple authenticators for each SASL mechanism, and use forced
expansion failures to prevent the undesired authenticators from being used
with a given server.

(3) Have multiple authenticators for each SASL mechanism, and rely on the
fact that Exim will try other plausible authenticators if authentication
fails. This will lead to spurious authentication failures which will
probably be logged by the server and may lead to upset sysadmins.

The first two possibilities are a result of this paragraph in the docs:

  . When it finds one that matches, it runs the authenticator's client code.
    The variables $host and $host_address are available for any string
    expansions that the client might do. They are set to the server's name
    and IP address. If any expansion is forced to fail, the authentication
    attempt is abandoned, and Exim moves on to the next authenticator.
    Otherwise an expansion failure causes delivery to be deferred.

The third arises from this paragraph:

  . If the response to authentication is a permanent error (5xx code), Exim
    carries on searching the list of authenticators and tries another one if
    possible. If all authentication attempts give permanent errors, or if
    there are no attempts because no mechanisms match (or option expansions
    force failure), what happens depends on whether the host matches
    "hosts_require_auth" or "hosts_try_auth". In the first case, a temporary
    error is generated, and delivery is deferred. The error can be detected
    in the retry rules, and thereby turned into a permanent error if you
    wish. In the second case, Exim tries to deliver the message
    unauthenticated.

Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
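
Approaches (1) and (2) from the message above, sketched as an Exim configuration fragment. This is an added example, not part of the original post: the host names, user names, secrets and the /etc/exim/smarthost_auth lookup file are constructed placeholders, and hosts_require_tls is added on the assumption that the smarthosts offer STARTTLS.

```exim
# Constructed example: relay1/relay2.example.net, the credentials and the
# lookup file path are placeholders, not values from the original message.

begin transports

smarthost_smtp:
  driver = smtp
  # Client authentication is attempted only for hosts matching this list;
  # the authenticator is then picked by the mechanisms the server advertises.
  hosts_require_auth = relay1.example.net : relay2.example.net
  # PLAIN sends the password without protection, so insist on TLS as well.
  hosts_require_tls = relay1.example.net : relay2.example.net

begin authenticators

# Approach (1): a single PLAIN authenticator; credentials are looked up by
# $host. /etc/exim/smarthost_auth holds one line per server, for example:
#   relay1.example.net: alice:constructed-secret-1
#   relay2.example.net: bob:constructed-secret-2
# The word "fail" forces expansion failure for unlisted servers, so Exim
# abandons this authenticator instead of deferring delivery.
# Limitation of this layout: the password must not contain a colon.
plain_by_host:
  driver = plaintext
  public_name = PLAIN
  client_send = ^${extract{1}{:}{${lookup{$host}lsearch{/etc/exim/smarthost_auth}{$value}fail}}}\
                ^${extract{2}{:}{${lookup{$host}lsearch{/etc/exim/smarthost_auth}{$value}fail}}}

# Approach (2): one CRAM-MD5 authenticator per server. Each one forces
# failure for every other server, so only the matching one is ever run and
# no wrong credentials are offered to the wrong host.
cram_relay1:
  driver = cram_md5
  public_name = CRAM-MD5
  client_name = ${if eq{$host}{relay1.example.net}{alice}fail}
  client_secret = constructed-secret-1

cram_relay2:
  driver = cram_md5
  public_name = CRAM-MD5
  client_name = ${if eq{$host}{relay2.example.net}{bob}fail}
  client_secret = constructed-secret-2
```

$host is the name Exim is using for the server, so the keys and comparisons must match the names the router hands to the transport. Keep the lookup file and any configuration file holding secrets readable only by the Exim user.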