Re: [exim] Upgrade blues...

Author: Niclas Hedhman
Date:  
To: exim-users
Subject: Re: [exim] Upgrade blues...
On Thursday 29 September 2005 16:45, Odhiambo G. Washington wrote:

Arrogant sarcasm isn't appreciated, and if that is the general tone of this
community I won't stay long. That said...

> * On 29/09/05 02:15 +0800, Niclas Hedhman wrote:
> > Hi,
> >
> > I recently made the mistake of upgrading both my KMail client (to v1.7)
> > and Exim4 (whatever version is in Debian testing)...
>
> Mistake?


Yes. Only upgrade one thing at a time, so when something breaks, you know at
which end to look.

> Whatever version???
> /path/to/exim -bV will tell you the version.


srv01:~# exim4 -bV
Exim version 4.52 #1 built 21-Aug-2005 09:46:54
Copyright (c) University of Cambridge 2005
Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Support for: iconv() IPv6 GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configuration file is /var/lib/exim4/config.autogenerated

> > Now, authenticated SMTP no longer works, no matter what I try.
>
> What did you try? What do you see in mainlog related to the problem?


Well, that depends on which combo of encryption and authentication that is
tried from the client. Minimum expected was SSL + PLAIN which gives the
following...

2005-09-29 09:43:06 no host name found for IP address 219.94.56.25
2005-09-29 09:43:06 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=[219.94.56.25] input="\200g\001\003"

And client says the server closed the connection.

If I set No Encryption + PLAIN I get;
2005-09-29 09:44:44 no host name found for IP address 219.94.56.25
and the client says the server doesn't support PLAIN authentication
(expected).

For TLS+PLAIN I get the message from the client that TLS is not supported, and
the same "no host name found"


> > KMail's "Check what the server supports" also yields different
> > results in KMail 1.7 and KMail 1.8, so I am utterly confused.
>
> Same to us here. What is KMail and what does it have to do with Exim
> and ASMTP?


KMail is the default mail client in KDE. Mail clients are often used to send
mail via SMTP servers such as EXIM4 (sarcasm for you only.)

> > On the server, I do an extraction of mail-users from /etc/shadow and
> > create a new /etc/exim4/passwd for authentication.
>
> What does your authenticators look like?


see below. That is the 'compiled output' from the "update-exim4.conf" tool,
which I don't know whether it is Exim or Debian related.

> > I have also got the Outlook hack enabled,
>
> What is Outlook hack? Where can I find it?


This was in the /etc/exim4/exim4.conf.template

# This one is a bad hack to support the broken version 4.xx of
# Microsoft Outlook Express which violates the RFCs by demanding
# "250-AUTH=" instead of "250-AUTH ".
# It has to be the last authenticator to work and has not been tested
# well. Use at your own risk.
# See the thread entry point from
# http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050214/msg00213.html
# for the related discussion on the exim-users mailing list.
# Thanks to Fred Viles for this great work.

support_broken_outlook_express_4_server:
driver = plaintext
public_name = "\r\n250-AUTH=PLAIN LOGIN"
server_prompts = User Name : Password
server_condition = no

which I enabled (didn't make any difference for the KMail case).

> > and Mailman mailing list in the mix, otherwise fairly stock config.
>
> You sound mixed up yourself, because you are not sure of the problem
> you need assistance with!


Well, I thought I can't have been the only one who uses 'stock Debian'
configurations, which stopped working after an upgrade. I expected an "Oh,
that is because we have introduced XYZ, and you will need to enable/disable
the parameter ABC" or something like that.

> You want us to administer your server for you, yes?


No, but I don't expect to be a programmer and a 6 RFCs expert to set up the
most basic outgoing mailserver either. Perhaps too much to ask for.


Cheers
Niclas


Copied from /var/lib/exim4/config.autogenerated

begin authenticators

plain_server:
driver = plaintext
public_name = PLAIN
server_condition = "${if crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
server_set_id = $2
server_prompts = :
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif

login_server:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
server_set_id = $1
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif

support_broken_outlook_express_4_server:
driver = plaintext
public_name = "\r\n250-AUTH=PLAIN LOGIN"
server_prompts = User Name : Password
server_condition = no

cram_md5:
driver = cram_md5
public_name = CRAM-MD5
client_name = ${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
client_secret = ${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}

plain:
  driver = plaintext
  public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "${if !eq{$tls_cipher}{}{\
                     ^${extract{1}{::}\
                       {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
                     ^${extract{2}{::}\
                       {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
                   }fail}"
.else
  client_send = "^${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}^${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
.endif


login:
  driver = plaintext
  public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "${if and{\
                          {!eq{$tls_cipher}{}}\
                          {!eq\
                              {${lookup{$host}lsearch*{CONFDIR/passwd.client}\
                                 {$value}fail}}\
                              {}}\
                         }\
                      {}fail}\
                 : ${extract{1}{::}\
                        {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
                 : ${extract{2}{::}\
                     {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
.else
  client_send = "${if !eq\
                          {${lookup\
                            {$host}lsearch*{CONFDIR/passwd.client}\
                            {$value}fail}}\
                          {}\
                      {}fail}\
                 : ${extract{1}{::}\
                        {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
                 : ${extract{2}{::}\
                        {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
.endif
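
The input="\200g\001\003" value in the synchronization-error log line quoted in the message can be decoded to see what the client sent before the SMTP greeting. This is an added example, not part of the original message and not Exim code; it assumes Exim writes non-printing bytes as three-digit octal escapes, and the second log line and the names scan, classify and unescape are constructed for illustration.

```python
import re

# Constructed sample: the rejected-connection line from the message, joined onto
# one line, plus a hypothetical plain-text client that also spoke too early.
SAMPLE_LOG = r'''
2005-09-29 09:43:06 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=[219.94.56.25] input="\200g\001\003"
2005-09-29 09:50:00 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=[192.0.2.7] input="EHLO example.test\r\n"
'''

SYNC_RE = re.compile(r'synchronization error .*? H=\[(?P<ip>[^\]]+)\] input="(?P<raw>.*)"\s*$')
ESCAPE_RE = re.compile(r'\\([0-3][0-7]{2}|[nrt\\"])')
SIMPLE = {'n': 10, 'r': 13, 't': 9, '\\': 92, '"': 34}

def unescape(text):
    """Turn the escaped input="..." text back into the bytes the client sent."""
    out, pos = bytearray(), 0
    for m in ESCAPE_RE.finditer(text):
        out += text[pos:m.start()].encode('latin-1')
        tok = m.group(1)
        out.append(int(tok, 8) if len(tok) == 3 else SIMPLE[tok])
        pos = m.end()
    out += text[pos:].encode('latin-1')
    return bytes(out)

def classify(data):
    # SSLv2-compatible ClientHello: high bit set in byte 0 (2-byte record
    # header), message type 1 (ClientHello), then offered major version 3.
    if len(data) >= 4 and data[0] & 0x80 and data[2] == 0x01 and data[3] == 0x03:
        return 'tls-clienthello-sslv2-compat'
    # TLS record layer: content type 22 (handshake), major version 3.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return 'tls-clienthello'
    if data[:4].upper() in (b'EHLO', b'HELO'):
        return 'smtp-before-greeting'
    return 'unknown'

def scan(log_text):
    """Return (client IP, verdict) for every synchronization-error line."""
    findings = []
    for line in log_text.splitlines():
        m = SYNC_RE.search(line)
        if m:
            findings.append((m.group('ip'), classify(unescape(m.group('raw')))))
    return findings

if __name__ == '__main__':
    for ip, verdict in scan(SAMPLE_LOG):
        print(ip, verdict)
```

A 'tls-clienthello' verdict on a line like this means the client opened TLS immediately on connect, while the listener on that port was waiting to send its plain-text SMTP banner first.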