Autor: David Datum: To: exim-users Betreff: [exim] Exim and auth behind Cisco kit?
I have an Ubuntu install of Exim on a server that is publically
accessible. The configuration file is monolithic (not the split
Debian one) which I took from a working server elsewhere and modified.
Auth comes from a plain text file and should be advertised to anybody,
there are no restrictions in auth_advertise_hosts. However, it seems
that auth is not even attempted by my clients.
A typical session looks like this (captured with wireshark):
220 ************0 ****200***0******0000
EHLO [192.168.20.175]
500 unrecognized command
HELO [192.168.20.175]
250 smtp.mydomain Hello host123.myisp [x.x.x.x]
MAIL FROM: <test@???>
250 OK
RCPT TO: <david@???>
550 This MX is not a relay. Go away.
The 550 is expected, because no AUTH was attempted. As I understand
it AUTH is only accepted after EHLO anyway. Connecting to
localhost:25 using nc on the server shows a proper initial 220 and
accepts 'EHLO test', advertising AUTH PLAIN LOGIN.
An nmap scan from outside shows that port 25 is "Cisco PIX sanatized
smtpd" which I find interesting. Could it be that the above is
explained by some strange behaviour of the router or firewall? If so,
can somebody suggest how to stop it interfering with my SMTP sessions?