Re: [exim] Smtp-Authentication problems (using courier-authd…

Página Principal
Esta mensagem é parte da seguinte discussão:
Ma lista completa das discussões ordenadas por data
M-\Andreas Kahl em <-
M\MAndreas Kahl em ->
Apagar esta mensagem
Responder a esta mensagem
Autor: Phil Pennock
Data:  
Para: Andreas Kahl
CC: exim-users
Assunto: Re: [exim] Smtp-Authentication problems (using courier-authdaemondon debian etch)
On 2007-06-12 at 22:14 +0200, Andreas Kahl wrote:
>   accept  hosts         = +relay_from_hosts

>
> accept authenticated = *
> 
>   deny    message       = relay not permitted

This is fine.

> > You can get more diagnostics, running a debug Exim; this won't detach
> > >from the terminal, so you'll see what's going on. For instance:
> >
> > # exim -d+acl+auth -oX 26 -bd
> >
>
> I also did this (with Port 25). A copy of my console is attached in
> exim-session.txt .

This shows the problem. The client isn't authenticating.

> 28267 SMTP>> 220 vitruvia.dyndns.org ESMTP Exim 4.63 Tue, 12 Jun 2007 22:02:33 +0200
> 28267 Process 28267 is ready for new message
> 28267 smtp_setup_msg entered
> 28267 SMTP<< XXXX Cirrus.local

WTF is XXXX as an SMTP command?
Ah, it appears to be what a Cisco firewall replaces unacceptable
commands with.

You've got a broken application-level firewall breaking your SMTP
conversations.

You could try using the "submission" port, 587, for submission of email.
Or smtps on port 465 (SMTP with SSL-on-connect, instead of being
negotiated). Submission is better, smtps might better survive the
man-in-the-middle attack perpetrated by the malware pretending to be a
firewall. I call it malware because it's actively preventing good
security.

> 28267 LOG: smtp_syntax_error MAIN
> 28267 SMTP syntax error in "XXXX Cirrus.local" H=p54997838.dip.t-dialin.net [84.153.120.56] unrecognized command
> 28267 SMTP>> 500 unrecognized command
> 28267 SMTP<< HELO Cirrus.local

So here your client is saying HELO instead of EHLO, so isn't learning
about the authentication options.

> 28267 SMTP>> 250 vitruvia.dyndns.org Hello p54997838.dip.t-dialin.net [84.153.120.56]
> 28267 SMTP<< MAIL FROM:<kahl3@???>
> 28267 SMTP>> 250 OK

Here you see your server responding to the HELO and then the client
starting to send email; there's no authentication in-between.

> 28267 SMTP<< RCPT TO:<Andreas_Kahl@???>
> 28267 using ACL "acl_check_rcpt"
[...]
> 28267 processing "accept"
> 28267 check authenticated = *
> 28267 accept: condition test failed

And so the "have they authenticated?" test fails.

-Phil


Esta mensagem foi colocada nas seguintes mailing lists:
Exim-users
Informação da Mailing List | Mensagens Perto		<-Re: [exim] Smtp-Authentication problems (usingcourier-authdaemond on debian etch)Re: [exim] verify = helo, PTR record lookup->
Tahini and Hummus and Cumin Development Archives administrado por cumin AdminsLurker (versão 2.3)