Re: [exim] TLS Authentication at gmail failing

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Marc Haber
Dátum:  
Címzett: exim4 mailing list
Tárgy: Re: [exim] TLS Authentication at gmail failing
On Fri, 27 Oct 2006 10:00:25 +0200, Hadron Quark
<hadronquark@???> wrote:
>I have configured exim4 to use smarthost for sending mails. I have,
>succesfully, configured it to use procmail_pipe to intercept local
>destinations - e.g I can "mail" from the Linux command line to
>"root@locahost" and procmail is invoked by exim4 to deliver to my local
>maildirs.
>
>The problem I have is that, using "mail" as opposed to my smtpmail
>package in gnus and thus using exim4, the smarthost authentication is
>failing. It worked twice and then stopped working.
>
>Here is the logline I get:
>
>2006-10-27 09:33:21 1GdMDG-0001tT-D9 ** hadronquark@???
>R=smarthost T=remote_smtp_smarthost: SMTP error from remote mail server
>after MAIL FROM:<hadron@fujitsu> SIZE=1369: host gmail-smtp.l.google.com
>[66.249.93.111]: 530 5.5.1 Authentication Required c1sm157417ugf


That looks like your exim is not trying to authenticate.
http://wiki.debian.org/PkgExim4UserFAQ#head-c1af64f5f8594bec680ed64a199607afb8e1c084
might help here.

>Here is the HowTo I followed, changing the port selected by the client
>to 587 for gmail's smtp servers. I have set up my passwd.client file.
>
>http://www.lexspoon.org/linux/smtp-relay.html


That HOWTO is actually quite bad. A critique of it can be found in
http://wiki.debian.org/PkgExim4UserFAQ#head-143dbe79ffa3848284fbd0b0a2bb78dae3d75a18.

>Possibly something to do with authentication file generated by
>"/usr/share/doc/exim4-base/examples/exim-gencert"


Not at all. A certificate is not needed if all you want to do is
authenticate as a client.

> - should I have even
>run that keeping in mind that I'm not running a receiving smtp server -
>only a client.


It does not hurt, but it is not needed.

>| Next, set up the client to send all outgoing mail via the relay host. Install exim4 and set it to use your relay server as a smarthost. Edit /etc/exim4/passwd.client and put in your username and password, something like:
>| 
>|     ### CONFDIR/passwd.client
>|     #
>|     # Format:
>|     #targetmailserver.example:login:password
>|     #
>|     # default entry:
>|     ### *:bar:foo
>|     *:USERNAME:PASSWORD


That is correct, and the * keeps you from hitting the trap mentioned
in http://bugs.debian.org/244724 and
http://pkg-exim4.alioth.debian.org/README/exim4-config_files.5.html#/etc/exim4/passwd.client

>| Finally, hack your exim4.conf.template to use port 26 instead of 25. Find the section for remote_smtp_smarthost and add port = 26 to it. In my file it looks like this:
>| 
>|     remote_smtp_smarthost:
>|       debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
>|       driver = smtp
>|       hosts_try_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}
>|       tls_tempfail_tryclear = false
>|       DEBCONFheaders_rewriteDEBCONF
>|       DEBCONFreturn_pathDEBCONF
>|       port = 26
>| 
>| That should be it. Now mail sent locally will get relayed via port 26 on your relay host. 


Please note that your third-party HOWTO gives the bad advice of
delivering to port tcp/26. smtp.google.com only listens on Ports
tcp/25 and tcp/587.

I have just checked: smtp.google.com offers STARTTLS and only
advertises SMTP AUTH after the connection has been encrypted. Thus,
the Debian exim4 should be able to authenticate fine. I have verified
both with swaks and exim4 that authentication works.

The only trap that I can see is that smtp.google.com is a CNAME, so
you'll need to either put an asterisk in your passwd.client line or
explicitly name the reverse DNS name of smtp.google.com, which is
(today) gmail-smtp.l.google.com.

May I ask why you chose to ignore all Debian documentation and instead
went to honor a third-party HOWTO that clearly shows that its author
is not familiar with Debian's exim packages?

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mailadresse im Header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834