Re: [exim] TLS Authentication at gmail failing

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Hadron Quark
Dátum:  
Címzett: Marc Haber
CC: exim4 mailing list
Tárgy: Re: [exim] TLS Authentication at gmail failing
Marc Haber <mh+exim-users@???> writes:

> On Fri, 27 Oct 2006 13:18:21 +0200, Hadron Quark
> <hadronquark@???> wrote:
>>Marc Haber <mh+exim-users@???> writes:
>>> On Fri, 27 Oct 2006 10:00:25 +0200, Hadron Quark
>>> <hadronquark@???> wrote:
>>>>I have configured exim4 to use smarthost for sending mails. I have,
>>>>succesfully, configured it to use procmail_pipe to intercept local
>>>>destinations - e.g I can "mail" from the Linux command line to
>>>>"root@locahost" and procmail is invoked by exim4 to deliver to my local
>>>>maildirs.
>>>>
>>>>The problem I have is that, using "mail" as opposed to my smtpmail
>>>>package in gnus and thus using exim4, the smarthost authentication is
>>>>failing. It worked twice and then stopped working.
>>>>
>>>>Here is the logline I get:
>>>>
>>>>2006-10-27 09:33:21 1GdMDG-0001tT-D9 ** hadronquark@???
>>>>R=smarthost T=remote_smtp_smarthost: SMTP error from remote mail server
>>>>after MAIL FROM:<hadron@fujitsu> SIZE=1369: host gmail-smtp.l.google.com
>>>>[66.249.93.111]: 530 5.5.1 Authentication Required c1sm157417ugf
>>>
>>> That looks like your exim is not trying to authenticate.
>>> http://wiki.debian.org/PkgExim4UserFAQ#head-c1af64f5f8594bec680ed64a199607afb8e1c084
>>> might help here.
>>
>>Not really as it offers no advice on how to setup. I dont know enough
>>about SMTP to debug anything.
>
> If you do not know that much about SMTP, then you should probably not
> run a mail server on the public Internet.


I want to be able to send emails via an smtp smart host using the well
publicised exim4 stuff. I dont wish to open my machine as a relay or a receiver.

>
> I have, however, added a few advices about how to debug to the FAQ
> entry. It might be more helpful now.
>
>>>>| Next, set up the client to send all outgoing mail via the relay host. Install exim4 and set it to use your relay server as a smarthost. Edit /etc/exim4/passwd.client and put in your username and password, something like:
>>>>| 
>>>>|     ### CONFDIR/passwd.client
>>>>|     #
>>>>|     # Format:
>>>>|     #targetmailserver.example:login:password
>>>>|     #
>>>>|     # default entry:
>>>>|     ### *:bar:foo
>>>>|     *:USERNAME:PASSWORD

>>>
>>> That is correct, and the * keeps you from hitting the trap mentioned
>>> in http://bugs.debian.org/244724 and
>>> http://pkg-exim4.alioth.debian.org/README/exim4-config_files.5.html#/etc/exim4/passwd.client
>>>
>>>>| Finally, hack your exim4.conf.template to use port 26 instead of 25. Find the section for remote_smtp_smarthost and add port = 26 to it. In my file it looks like this:
>>>>| 
>>>>|     remote_smtp_smarthost:
>>>>|       debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
>>>>|       driver = smtp
>>>>|       hosts_try_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}
>>>>|       tls_tempfail_tryclear = false
>>>>|       DEBCONFheaders_rewriteDEBCONF
>>>>|       DEBCONFreturn_pathDEBCONF
>>>>|       port = 26
>>>>| 
>>>>| That should be it. Now mail sent locally will get relayed via port 26 on your relay host. 

>>>
>>> Please note that your third-party HOWTO gives the bad advice of
>>> delivering to port tcp/26. smtp.google.com only listens on Ports
>>> tcp/25 and tcp/587.
>>
>>The how to I referenced didnt do anything with google. It was to do with
>>setting up your OWN smarthost for connecting to when on the the road. As
>>I said above, I already changed the port to 587 anyway.
>
> Good.
>
>>> I have just checked: smtp.google.com offers STARTTLS and only
>>> advertises SMTP AUTH after the connection has been encrypted. Thus,
>>> the Debian exim4 should be able to authenticate fine. I have verified
>>> both with swaks and exim4 that authentication works.
>>>
>>> The only trap that I can see is that smtp.google.com is a CNAME, so
>>> you'll need to either put an asterisk in your passwd.client line or
>>> explicitly name the reverse DNS name of smtp.google.com, which is
>>> (today) gmail-smtp.l.google.com.
>>
>>Can you reference the info about this asterisk?
>
> Sure. I already did. Information is available in
> http://bugs.debian.org/244724 and
> http://pkg-exim4.alioth.debian.org/README/exim4-config_files.5.html#/etc/exim4/passwd.client
>
>>As for the CNAME - my
>>exim4 log reveals it has started a converstion with the smtp server just
>>fine - so where does this CNAME come in?
>
> The plain authenticator in Debian's default configuration uses $host
> as a key into /etc/exim4/passwd.client, and that variable contains the
> name of the host you are actually connected to, which is most probably
> taken from the reverse DNS entry of the associated IP address. Thus,
> an entry "smtp.gmail.com" would not match for the host you are
> connected to.
>
> Changing this without exim helping here (which would require a change
> in exim program code) is _exceptionally_ hard in the configuration.


This all sounds ridiculously difficult. I find it incredible that I cant
reference "smtp.gmail.com" as normal email clients do. Maybe you're
right : maybe exim4 isnt't what I want or need. How to setup my system
to send mails locally and to the internet via a smart host from the Linux
mail facilities then? I want to be able to send to external targets via
cron etc too.


>>> May I ask why you chose to ignore all Debian documentation and instead
>>> went to honor a third-party HOWTO that clearly shows that its author
>>> is not familiar with Debian's exim packages?
>>
>>Because I couldnt google anything up which was easy enough to follow :
>>as a newbie, totally unfamiliar with exim4 the main docs are extremely
>>hard to follow.
>
> Running a Mail server on the Internet requires considerable knowledge,
> and it is a bad idea to do this without even knowing the basics of
> mail processing.


The rest of my mail processing stuff works fine. Since Ubuntu defaults
to all safe "no access" options, how can it be too dangerous?

>
>> If you know of a small howto which works
>
> No. The topic is complex and requires considerable knowledge.
>


To access an external smarthost? But its a well publicised and supported
feature. Its even supported in the config problem.

> It _might_ help to deliver a message from the command line with
> "< /dev/null exim -d target.address" and to send the debug output to a
> paste service. Beware that this output might contains your SMTP AUTH
> password, so you'd need to sanitize the output before posting.


I have no idea what you are talking about. Thanks for your help,
but it seems this is more trouble than its worth. Even the wiki didnt
work.

"How to enable exim4 for gmail smrthost WIKI"

http://wiki.debian.org/GmailAndExim4

Event though that pretty much says "maybe it will work" : not encouraging
about the ease of configuration.

I wont bother you anymore : I'll keep digging.