[exim] Recipient callout verification with client AUTH?

Top Page
Delete this message
Reply to this message
Author: Holger Mauermann
Date:  
To: exim-users
Subject: [exim] Recipient callout verification with client AUTH?
I need to do recipient verification against a remote Cyrus LMTP server.
However, Exim never tries to authenticate as client during the callout.
Is this completely impossible or have I only missed some config options
that enable callouts with AUTH?

Here are some snippets of my configuration:

# ACL #
acl_rcpt_to:
deny !verify = recipient/callout=10s,no_cache

# Router #
loc_delivery:
driver = accept
transport = cyrus_lmtp

# Transport #
cyrus_lmtp:
driver = smtp
protocol = lmtp
hosts = imap.example.com
hosts_require_auth = *

# Authenticator #
client_cram:
driver = cram_md5
public_name = CRAM-MD5
client_name = xxxxxx
client_secret = yyyyyyy


And this is the output from "exim -bhc 127.0.0.1"

>>> processing "deny"
>>> check !verify = recipient/callout=10s,no_cache
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing holger@???
>>> calling loc_delivery router
>>> routed by loc_delivery router
>>> fully qualified name = imap.example.com
>>> gethostbyname2 looked up these IP addresses:
>>>   name=imap.example.com address=10.0.2.5
>>> Attempting full verification using callout
>>> callout cache: disabled by no_cache
>>> interface=NULL port=24
>>> Connecting to imap.example.com [10.0.2.5]:24 ... connected
>>>   SMTP<< 220 imap.example.com LMTP Cyrus v2.3.7 ready
>>>   SMTP>> LHLO mx1.example.com
>>>   SMTP<< 250-imap.example.com
>>>          250-8BITMIME
>>>          250-ENHANCEDSTATUSCODES
>>>          250-PIPELINING
>>>          250-SIZE
>>>          250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 PLAIN
>>>          250 IGNOREQUOTA
>>>   SMTP>> MAIL FROM:<>
>>>   SMTP<< 430 Authentication required
>>>   SMTP>> QUIT
>>> ----------- end verify ------------
>>> deny: condition test deferred

451 Could not complete recipient verify callout
LOG: H=localhost [127.0.0.1] F=<> temporarily rejected RCPT
holger@???: response to "MAIL FROM:<>" from imap.example.com
[10.0.2.5] was: 430 Authentication required