Re: [exim] Exim failing to authenticate

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Celejar
Datum:  
To: exim-users
Betreff: Re: [exim] Exim failing to authenticate
On Fri, 25 Aug 2006 05:03:38 +0800
W B Hacker <wbh@???> wrote:

<<Snip>>

> The 'unique' manner of managing configuration is Debian-specific.
>
> The problem is general:
>
> - IF/AS/WHEN an MTA acts as a client to another MTA in MSA mode, *and* it
> arrives on port 25, authentication is not ordinarily expected for traffic
> destined TO the user-community on that server. It is seen as a 'distant'
> correspondent - one of 'brazillions' who may have legitmate traffic for that
> user community.
>
> - However, IF/AS/WHEN said 'foreign' MTA attempts to submit traffic for OTHER
> THAN users 'local' to the target host, it would ordinarily be treated as an
> unauthorized relay attempt, and denied.
>
> In order to be permitted to transit traffic to destinations NOT local to a given
> host, one or both of two tests must ordinarily be satisfied:
>
> - The host attempting to submit must be recognized (by IP, matching pem certs,
> etc.) as an authorized relay source BY the intermediate host. Not bloody likely
> for an ISP host you do not control!
>
> - The host attempting to submit must 'authenticate' with a UID:PWD valid on the
> intermediate host. This is exactly what your MUA ordinarily has to do when
> submitting 'outbound' traffic, and may or may not be acceptable on port 25.
> Port 587, with TLS, is a likely alternative.
>
> Accordingly, the 'short answer' seems to be that for the intermediate
> 'smarthost' in question, you will have to configure Exim to behave much as your
> MUA would do, i.e. use the expected port and protocol (TLS on 587?), and supply
> BOTH a UID and Password valid for that host.
>
> IF said host allows you to send mail when traveling and attached via some other
> ISP's link, i.e with the correct UID:PWD, but a random source IP, then all
> should be well. If NOT, then said host may *also* be allowing submission only
> from valid UID:PWD who are also attached via its own 'backside' IP pool. Some
> ISP do that, as it virtually guarantees that they can identify a rule violator
> by their own MAC address logs and session timestamps.
>
> You can test this environment with your MUA to see if that is so.
>
> Applying the appropriate settings to cause Exim to meet the ISP smarthost
> submission needs for authentication UID:PWD, unfortunately, IS Debian-specific
> your case.
>
> HTH,
>
> Bill


Thanks for the detailed explanation. The smarthost in question is the Gmail SMTP server, which is available to anyone with a Gmail account, with no restrictions on the client's network segment location. As I mentioned, I have no problems with other MTAs (Sylpheed's built-in one, ssmtp) over the same link, so I suppose I must have made some Debian configuration mistake.
Anyway, I reinstalled and reconfigured (once again :) ) exim and this time I seem to have gotten it right. Thanks again for your help.

Celejar

--
ssuds.sourceforge.net - Home of Ssuds and Ssudg, a Simple Sudoku Solver and Generator