[exim] How does exim handle the case of changing smarthost D…

Author: Marc Haber
Date:  
To: exim-users
Subject: [exim] How does exim handle the case of changing smarthost DNS records?
Hi,

this message ends with a debug output from exim 4.63 (Debian)
delivering via a smarthost router (also quoted at the end) to a host
that requires authentication. Exim is configured to authenticate, and
does this most of the time. Other times, this is what happens:

routed by smarthost router
host gmail-smtp.l.google.com [209.85.133.111] port=587
host gmail-smtp.l.google.com [209.85.133.109] port=587
<snip>
remote_smtp_smarthost transport entered
<snip>
Connecting to gmail-smtp.l.google.com [209.85.133.111]:587 ... connected
<snip>
209.85.133.111 in hosts_require_auth? no (option unset)
<snip>
gethostbyname2 looked up these IP addresses:
name=gmail-smtp.l.google.com address=64.233.185.111
name=gmail-smtp.l.google.com address=64.233.185.109
209.85.133.111 in hosts_try_auth? no (end of list)

Exim then continues to send the message unauthenticated and gets it
rejected.

Is it really possible that exim gets different results for the two
lookups that it does for the host name and as a result thinks that it
doesn't need to authenticate?

Do you have any idea what might be going wrong here? And how I can fix
it in the configuration?

Greetings
Marc

router:
smarthost:
  debug_print = "R: smarthost for $local_part@$domain"
  driver = manualroute
  domains = ! +local_domains
  transport = remote_smtp_smarthost
  route_list = * DCsmarthost byname
  host_find_failed = defer
  same_domain_copy_routing = yes
  no_more

(the DCsmarthost macro is set to smtp.gmail.com::587)

remote_smtp_smarthost transport:
remote_smtp_smarthost:
  debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
  driver = smtp
  hosts_try_auth = ${if exists {CONFDIR/passwd.client}\
                               {${extract{1}{:}{DCsmarthost}}}\
                               {}\
                    }
  tls_tempfail_tryclear = false


CONFDIR/passwd.client exists.

exec /usr/sbin/exim4 -d=0xfbb95cfd -Mc 1H2wDN-0001kT-Qh
Exim version 4.63 uid=102 gid=102 pid=6726 D=fbb95cfd
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September 6, 2005)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
changed uid/gid: forcing real = effective
uid=0 gid=102 pid=6726
auxiliary group list: <none>
seeking password data for user "uucp": cache not available
getpwnam() succeeded uid=10 gid=10
configuration file is /var/lib/exim4/config.autogenerated
log selectors = 00000ffc 00189001
cwd=/var/spool/exim4 4 args: /usr/sbin/exim4 -d=0xfbb95cfd -Mc 1H2wDN-0001kT-Qh
trusted user
admin user
skipping ACL configuration - not needed
seeking password data for user "mail": cache not available
getpwnam() succeeded uid=8 gid=8
set_process_info: 6726 delivering specified messages
set_process_info: 6726 delivering 1H2wDN-0001kT-Qh
reading spool file 1H2wDN-0001kT-Qh-H
user=root uid=0 gid=0 sender=root@???
sender_local=1 ident=root
Non-recipients:
Empty Tree
---- End of tree ----
recipients_count=1
body_linecount=18 message_linecount=14
Delivery address list:
celejar@???
locking /var/spool/exim4/db/retry.lockfile
locked /var/spool/exim4/db/retry.lockfile
EXIM_DBOPEN(/var/spool/exim4/db/retry)
returned from EXIM_DBOPEN
no retry data available
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Considering: celejar@???
unique = celejar@???
no domain retry record
no address retry record
celejar@???: queued for routing
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

routing celejar@???
--------> smarthost router <--------
local_part=celejar domain=nerdshack.com
checking domains
nerdshack.com in "@:localhost:localhost.localdomain"? no (end of list)
nerdshack.com in "! +local_domains"? yes (end of list)
R: smarthost for celejar@???
calling smarthost router
smarthost router called for celejar@???
domain = nerdshack.com
route_item = * smtp.gmail.com::587 byname
nerdshack.com in "*"? yes (matched "*")
original list of hosts = "smtp.gmail.com::587" options = byname
expanded list of hosts = "smtp.gmail.com::587" options = byname
set transport remote_smtp_smarthost
finding IP address for smtp.gmail.com:587
host=smtp.gmail.com port=587
calling host_find_byname
gethostbyname2(af=inet6) returned 3 (NO_RECOVERY)
fully qualified name = gmail-smtp.l.google.com
gethostbyname2 looked up these IP addresses:
name=gmail-smtp.l.google.com address=209.85.133.111
name=gmail-smtp.l.google.com address=209.85.133.109
queued for remote_smtp_smarthost transport: local_part = celejar
domain = nerdshack.com
errors_to=NULL
domain_data=NULL localpart_data=NULL
routed by smarthost router
envelope to: celejar@???
transport: remote_smtp_smarthost
host gmail-smtp.l.google.com [209.85.133.111] port=587
host gmail-smtp.l.google.com [209.85.133.109] port=587
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

After routing:
  Local deliveries:
  Remote deliveries:
    celejar@???
  Failed addresses:
  Deferred addresses:
search_tidyup called

>>>>>>>>>>>>>>>> Remote deliveries >>>>>>>>>>>>>>>>

--------> celejar@??? <--------
localhost.localdomain in "@:localhost:localhost.localdomain"? yes (matched "@")
localhost.localdomain in "+local_domains"? yes (matched "+local_domains")
search_tidyup called
set_process_info: 6726 delivering 1H2wDN-0001kT-Qh: waiting for a remote delivery subprocess to finish
selecting on subprocess pipes
changed uid/gid: remote delivery to celejar@??? with transport=remote_smtp_smarthost
uid=102 gid=102 pid=6727
auxiliary group list: <none>
set_process_info: 6727 delivering 1H2wDN-0001kT-Qh using remote_smtp_smarthost
T: remote_smtp_smarthost for celejar@???
remote_smtp_smarthost transport entered
celejar@???
nerdshack.com in queue_smtp_domains? no (option unset)
checking status of gmail-smtp.l.google.com
locking /var/spool/exim4/db/retry.lockfile
locked /var/spool/exim4/db/retry.lockfile
EXIM_DBOPEN(/var/spool/exim4/db/retry)
returned from EXIM_DBOPEN
no retry data available
gmail-smtp.l.google.com [209.85.133.111]:587 status = usable
209.85.133.111 in serialize_hosts? no (option unset)
delivering 1H2wDN-0001kT-Qh to gmail-smtp.l.google.com [209.85.133.111] (celejar@???)
set_process_info: 6727 delivering 1H2wDN-0001kT-Qh to gmail-smtp.l.google.com [209.85.133.111] (celejar@???)
Transport port=25 replaced by host-specific port=587
Connecting to gmail-smtp.l.google.com [209.85.133.111]:587 ... connected
waiting for data on socket
read response data: size=40
SMTP<< 220 mx.google.com ESMTP c9sm2346590ana
209.85.133.111 in hosts_avoid_esmtp? no (option unset)
SMTP>> EHLO localhost.localdomain

waiting for data on socket
read response data: size=125
  SMTP<< 250-mx.google.com at your service, [70.107.128.254]
         250-SIZE 20971520
         250-8BITMIME
         250-STARTTLS
         250 ENHANCEDSTATUSCODES
209.85.133.111 in hosts_avoid_tls? no (option unset)

SMTP>> STARTTLS

waiting for data on socket
read response data: size=30
SMTP<< 220 2.0.0 Ready to start TLS
initializing GnuTLS as a client
read D-H parameters from file
initialized D-H parameters
no TLS client certificate is specified
initialized certificate stuff
initialized GnuTLS session
cipher: TLS-1.0:RSA_3DES_EDE_CBC_SHA1:24
SMTP>> EHLO localhost.localdomain

tls_do_write(bffbf05c, 28)
gnutls_record_send(SSL, bffbf05c, 28)
outbytes=28
waiting for data on socket
Calling gnutls_record_recv(8123940, bffbd05c, 4096)
read response data: size=133
  SMTP<< 250-mx.google.com at your service, [70.107.128.254]
         250-SIZE 20971520
         250-8BITMIME
         250-AUTH LOGIN PLAIN
         250 ENHANCEDSTATUSCODES
not using PIPELINING
209.85.133.111 in hosts_require_auth? no (option unset)
gethostbyname2(af=inet6) returned 3 (NO_RECOVERY)
gethostbyname2 looked up these IP addresses:
  name=gmail-smtp.l.google.com address=64.233.185.111
  name=gmail-smtp.l.google.com address=64.233.185.109
209.85.133.111 in hosts_try_auth? no (end of list)

SMTP>> MAIL FROM:<root@???> SIZE=2675

tls_do_write(bffbf05c, 42)
gnutls_record_send(SSL, bffbf05c, 42)
outbytes=42
waiting for data on socket
Calling gnutls_record_recv(8123940, bffbd05c, 4096)
read response data: size=50
SMTP<< 530 5.5.1 Authentication Required c9sm2346590ana
ok=0 send_quit=1 send_rset=1 continue_more=0 yield=0 first_address is not NULL
SMTP>> QUIT

tls_do_write(bffbf05c, 6)
gnutls_record_send(SSL, bffbf05c, 6)
outbytes=6
tls_close(): shutting down TLS
set_process_info: 6727 delivering 1H2wDN-0001kT-Qh: just tried gmail-smtp.l.google.com [209.85.133.111] for celejar@???: result OK
Leaving remote_smtp_smarthost transport
set_process_info: 6727 delivering 1H2wDN-0001kT-Qh (just run remote_smtp_smarthost for celejar@??? in subprocess)
search_tidyup called
reading pipe for subprocess 6727 (not ended)
read() yielded 5
selecting on subprocess pipes
reading pipe for subprocess 6727 (not ended)
read() yielded 100
selecting on subprocess pipes
reading pipe for subprocess 6727 (not ended)
read() yielded 194
selecting on subprocess pipes
reading pipe for subprocess 6727 (not ended)
read() yielded 2
Z0 item read
remote delivery process 6727 ended
set_process_info: 6726 delivering 1H2wDN-0001kT-Qh
post-process celejar@??? (2)
LOG: MAIN
** celejar@??? R=smarthost T=remote_smtp_smarthost: SMTP error from remote mail server after MAIL FROM:<root@???> SIZE=2675: host gmail-smtp.l.google.com [209.85.133.111]: 530 5.5.1 Authentication Required c9sm2346590ana
>>>>>>>>>>>>>>>> deliveries are done >>>>>>>>>>>>>>>>

changed uid/gid: post-delivery tidying
uid=102 gid=102 pid=6726
auxiliary group list: <none>
set_process_info: 6726 tidying up after delivering 1H2wDN-0001kT-Qh
Processing retry items
Succeeded addresses:
Failed addresses:
celejar@???: no retry items
Deferred addresses:
end of retry processing
processing failed address celejar@???
sending error message to: root@???
writing data block fd=8 size=1661 timeout=0


-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
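
The debug output in the message above shows the condition directly: the connection is made to 209.85.133.111, the lookup performed while checking hosts_try_auth returns only 64.233.185.x addresses, and the check ends "no". As an added example (not part of the original message or of Exim; the function name find_auth_skips and the STABLE sample are constructed here), this Python script scans such -d output for that pattern:

```python
import re

# Constructed sample: lines taken from the debug output in the message above.
RACE = """\
Connecting to gmail-smtp.l.google.com [209.85.133.111]:587 ... connected
209.85.133.111 in hosts_require_auth? no (option unset)
gethostbyname2 looked up these IP addresses:
  name=gmail-smtp.l.google.com address=64.233.185.111
  name=gmail-smtp.l.google.com address=64.233.185.109
209.85.133.111 in hosts_try_auth? no (end of list)
SMTP<< 530 5.5.1 Authentication Required c9sm2346590ana
"""
# Constructed counter-case (wording of the "yes" line is an assumption).
STABLE = """\
Connecting to gmail-smtp.l.google.com [209.85.133.111]:587 ... connected
gethostbyname2 looked up these IP addresses:
  name=gmail-smtp.l.google.com address=209.85.133.111
209.85.133.111 in hosts_try_auth? yes (matched "smtp.gmail.com")
"""

CONNECT = re.compile(r"Connecting to (\S+) \[([^\]]+)\]:(\d+) \.\.\. connected")
LOOKUP = re.compile(r"name=(\S+) address=(\S+)")
CHECK = re.compile(r"^(\S+) in hosts_try_auth\? (yes|no)\b")
REJECT = re.compile(r"SMTP<< (530 .*)")

def find_auth_skips(debug_text):
    """Return one finding per connection where hosts_try_auth did not match
    and a fresh lookup of the host name no longer held the connected IP."""
    findings, conn, seen = [], None, set()
    for raw in debug_text.splitlines():
        line = raw.strip()
        if m := CONNECT.search(line):
            conn, seen = (m.group(1), m.group(2)), set()  # new connection
        elif conn and (m := LOOKUP.search(line)):
            if m.group(1) == conn[0]:
                seen.add(m.group(2))  # address from a lookup after connect
        elif conn and (m := CHECK.match(line)):
            ip, verdict = m.groups()
            if verdict == "no" and ip == conn[1] and seen and ip not in seen:
                findings.append({"host": conn[0], "connected_ip": ip,
                                 "relookup_ips": sorted(seen), "rejected": None})
        elif findings and (m := REJECT.search(line)):
            findings[-1]["rejected"] = m.group(1)  # server's 530 reply
    return findings

if __name__ == "__main__":
    for finding in find_auth_skips(RACE):
        print(finding)
```
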