Re: [exim] authenticator returned 13

Top Page
Delete this message
Reply to this message
Author: Don Porter
Date:  
To: exim-users
Subject: Re: [exim] authenticator returned 13
Hello all, and thank you for the helpful replies. I'll try to
condense my responses into one email rather than 3.

1) Regarding the config for the plain and login authenticators, I am
using the unmodified Ubuntu defaults. They are the same as what Marc
sent to the list, and are included below for competeness.

2) It sounds like the Debian list is the wrong place to go. I can try
the ubuntu forums, but I'd prefer to go another round on this list if
you'll indulge me.

3) I tried the SMTP test that Phil suggested, and I was able to
authenticate without problems:

Trying 192.168.1.75...
Connected to 192.168.1.75.
Escape character is '^]'.
220 smtp112.sbc.mail.mud.yahoo.com ESMTP
ehlo
250-smtp112.sbc.mail.mud.yahoo.com
250-AUTH LOGIN PLAIN XYMCOOKIE
250-PIPELINING
250 8BITMIME
auth plain [redacted]
235 ok, go ahead (#2.0.0)

One thing that might be going on is that my userid is a complete email
address. Do I need to escape the '@' or '.' characters in
/etc/exim4/passwd.client?

Below are the relevant bits of the expanded testing output and the
authenticator configs.

Thanks,

Don

===== Authenticator configs =====

# this returns the matching line from passwd.client and doubles all ^
PASSWDLINE=${sg{\
                ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
                }\
                {\\N[\\^]\\N}\
                {^^}\
            }


plain:
  driver = plaintext
  public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "<; ${if !eq{$tls_cipher}{}\
                    {^${extract{1}{:}{PASSWDLINE}}\
                     ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
                   }fail}"
.else
  client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
                    ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif


login:
  driver = plaintext
  public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  # Return empty string if not non-TLS AND looking up $host in passwd-file
  # yields a non-empty string; fail otherwise.
  client_send = "<; ${if and{\
                          {!eq{$tls_cipher}{}}\
                          {!eq{PASSWDLINE}{}}\
                         }\
                      {}fail}\
                 ; ${extract{1}{::}{PASSWDLINE}}\
                 ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.else
  # Return empty string if looking up $host in passwd-file yields a
  # non-empty string; fail otherwise.
  client_send = "<; ${if !eq{PASSWDLINE}{}\
                      {}fail}\
                 ; ${extract{1}{::}{PASSWDLINE}}\
                 ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif



========== Log ==========================


[snip]
Connecting to 192.168.1.75 [192.168.1.75]:465 ... connected
expanding: $primary_hostname
result: augustine.gateway.2wire.net
waiting for data on socket
read response data: size=42
SMTP<< 220 smtp101.sbc.mail.mud.yahoo.com ESMTP
192.168.1.75 in hosts_avoid_esmtp? no (option unset)
SMTP>> EHLO augustine.gateway.2wire.net

waiting for data on socket
read response data: size=98
  SMTP<< 250-smtp101.sbc.mail.mud.yahoo.com
         250-AUTH LOGIN PLAIN XYMCOOKIE
         250-PIPELINING
         250 8BITMIME
192.168.1.75 in hosts_require_tls? no (option unset)
192.168.1.75 in hosts_avoid_pipelining? no (option unset)
using PIPELINING
192.168.1.75 in hosts_require_auth? no (option unset)
expanding: /etc/exim4/passwd.client
   result: /etc/exim4/passwd.client
condition: exists{/etc/exim4/passwd.client}
   result: true
expanding: $host
   result: 192.168.1.75
expanding: /etc/exim4/passwd.client
   result: /etc/exim4/passwd.client
search_open: nwildlsearch "/etc/exim4/passwd.client"
search_find: file="/etc/exim4/passwd.client"
  key="192.168.1.75" partial=-1 affix=NULL starflags=0
LRU list:
  ?/etc/exim4/passwd.client
  End
internal_search_find: file="/etc/exim4/passwd.client"
  type=nwildlsearch key="192.168.1.75"
file lookup required for 192.168.1.75
  in /etc/exim4/passwd.client
192.168.1.75 in "*"? yes (matched "*")
lookup yielded: [redacted, but correct]
expanding: $host_address
   result: 192.168.1.75
expanding: ${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$host_address}}
   result: 192.168.1.75
expanding: 
   result: 
skipping: result is not used
expanding: <; ${if exists{/etc/exim4/passwd.client} {${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$host_address}}}{} }
   result: <; 192.168.1.75
192.168.1.75 in hosts_try_auth? yes (matched "192.168.1.75")
scanning authentication mechanisms
expanding: $tls_cipher
   result: 
expanding: 
   result: 
condition: !eq{$tls_cipher}{}
   result: false
expanding: 1
   result: 1
skipping: result is not used
expanding: :
   result: :
skipping: result is not used
expanding: $host
   result: 
skipping: result is not used
expanding: /etc/exim4/passwd.client
   result: /etc/exim4/passwd.client
skipping: result is not used
expanding: $value
   result: 
skipping: result is not used
expanding: ${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}
   result: 
skipping: result is not used
expanding: \N[\^]\N
   result: [\^]
skipping: result is not used
expanding: ^^
   result: ^^
skipping: result is not used
expanding: ${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}
   result: 
skipping: result is not used
expanding: $host
   result: 
skipping: result is not used
expanding: /etc/exim4/passwd.client
   result: /etc/exim4/passwd.client
skipping: result is not used
expanding: $value
   result: 
skipping: result is not used
expanding: ${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}
   result: 
skipping: result is not used
expanding: \N[\^]\N
   result: [\^]
skipping: result is not used
expanding: ^^
   result: ^^
skipping: result is not used
expanding: ${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}
   result: 
skipping: result is not used
expanding: \N([^:]+:)(.*)\N
   result: ([^:]+:)(.*)
skipping: result is not used
expanding: \$2
   result: $2
skipping: result is not used
expanding: ^${extract{1}{:}{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}}^${sg{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}{\N([^:]+:)(.*)\N}{\$2}}
   result: ^^
skipping: result is not used
failed to expand: ${if !eq{$tls_cipher}{}{^${extract{1}{:}{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}}^${sg{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}{\N([^:]+:)(.*)\N}{\$2}}}fail}
   error message: "if" failed and "fail" requested
failure was forced
plain authenticator yielded 13
expanding: $tls_cipher
   result: 
expanding: 
   result: 
expanding: $host
   result: 
skipping: result is not used
expanding: /etc/exim4/passwd.client
   result: /etc/exim4/passwd.client
skipping: result is not used
expanding: $value
   result: 
skipping: result is not used
expanding: ${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}
   result: 
skipping: result is not used
expanding: \N[\^]\N
   result: [\^]
skipping: result is not used
expanding: ^^
   result: ^^
skipping: result is not used
expanding: ${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}
   result: 
skipping: result is not used
expanding: 
   result: 
skipping: result is not used
condition: and{{!eq{$tls_cipher}{}}{!eq{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}{}}}
   result: false
expanding: 
   result: 
skipping: result is not used
failed to expand: ${if and{{!eq{$tls_cipher}{}}{!eq{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}{}}}{}fail}
   error message: "if" failed and "fail" requested
failure was forced
login authenticator yielded 13

SMTP>> MAIL FROM:<root@???>
SMTP>> RCPT TO:<porterde@???>
SMTP>> DATA

waiting for data on socket
read response data: size=105
SMTP<< 530 authentication required - for help go to http://help.yahoo.com/help/us/sbc/dsl/mail/pop/pop-11.html
waiting for data on socket
ok=0 send_quit=1 send_rset=1 continue_more=0 yield=0 first_address is not NULL
SMTP>> QUIT

set_process_info: 8306 delivering 1JFLnr-00029w-VX: just tried 192.168.1.75 [192.168.1.75] for porterde@???: result OK
Leaving remote_smtp_smarthost transport
set_process_info: 8306 delivering 1JFLnr-00029w-VX (just run remote_smtp_smarthost for porterde@??? in subprocess)
search_tidyup called
reading pipe for subprocess 8306 (not ended)
read() yielded 5
[snip]


On Thu, Jan 17, 2008 at 12:09:46PM +0100, Marc Haber wrote:
> On Wed, 16 Jan 2008 18:40:40 -0800, Phil Pennock
> <exim-users@???> wrote:
> >To debug manually, then simplifying PLAIN a lot to ignore SASLprep
> >UTF-8 normalisation and authorisation ids, the PLAIN auth is just a
> >base64 encoding of an ASCII NUL, your usercode, another ASCII NUL and
> >then the password.
> >
> >If your usercode is fred and your password is sekret, then do:
> >
> >$ perl -MMIME::Base64 -le '$u="fred"; $p="sekret";
> >    print encode_base64("\0$u\0$p")'

> >
> >This yields:
> > AGZyZWQAc2VrcmV0
> >
> >So to authenticate, you'd type:
> > AUTH PLAIN AGZyZWQAc2VrcmV0
> >or optionally omit the base64 on the first attempt, get a 334
> >continuation prompt, then supply the authentication data.
>
> swaks is a good tool to spare oneself from this pain.
>
> Greetings
> Marc
>
> -- 
> -------------------------------------- !! No courtesy copies, please !! -----
> Marc Haber         |   " Questions are the         | Mailadresse im Header
> Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
> Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/