Re: [exim] Different problems with exim (-52)

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date: 2008-09-28 00:12 -000
To: Mirko S.
CC: exim-users
New-Topics: Re: [exim] Saslauthd problem with exim
Subject: Re: [exim] Different problems with exim (-52)
On 2008-09-27 at 16:24 +0200, Mirko S. wrote:
> I'm not sure, if this did do, what it should:
> myhost:~ # su exim
> myhost:~ # whoami
> root


No error messages? *sigh*

> > run "exim -d -be" and in the string
> > expansion interactive prompt, try using saslauthd{} there. Log messages
> > and errors will all be shown to you.
>
> It doesn't make any difference, whatever I replace "myuser" and
> "password" in the following input by:
> myhost:~ # /usr/exim/bin/exim -be -d+auth+expand
> [some output]
> Authenticators: cyrus_sasl plaintext
> [more output]
> > ${if saslauthd{{myuser}{password}}{1}{0}}
> expanding: myuser
>    result: myuser
> expanding: password
>    result: password
> Running saslauthd authentication for user "myuser"
> saslauthd userid='myuser' servicename='' realm=''
> Answer 'NO PAM auth error' received.
> saslauthd: access denied (NO PAM auth error)


Right, so you have a PAM auth error, so look in your system logs for the
PAM failure and see what reason it gets. Look in wherever
/etc/syslog.conf (or whatever your logging system uses) for where
LOG_AUTH messages go. It seems that your saslauthd is configured to use
a PAM backend and that is refusing the authentication.

Hopefully your OS packages testsaslauthd with saslauthd, which will let
you directly test that saslauthd is configured correctly.

> > Yes. The default configuration includes a line like:
> > * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
>
> If it did this, it would be ok ;)


Right, those are the retries, but there has to be something to *attempt*
the retries, which is what the queue-runners are for:

> > You need to either start queue-runners from cron or have the Exim daemon
> > launch queue-runners (which is the normal way). Eg, "exim -bd -q15m"
> > will have the daemon launch queue-runners every 15 minutes. -q2m for
> > every two minutes, -q1d for once per day, etc.
>
> Ok, I ran exim just with -bd option - Now I put a -q5m at the end. I
> hope it's correct now. But I don't know, how to check that. You have any
> idea?


Plenty, but they involve using a second mail-server which you configure
to issue temporary rejects, and configuring a way for mail to get to
that server (DNS or custom router). In actuality, I strongly suspect
that you're fine now that you're starting queue-runners and if you just
leave it, you'll find the problem gone.

> >> b) Information for the sender. Can I tell exim to send a mail back to
> >> sender, if it doesn't work for e.g. 1h with a content like "I couldn't
> >> send your mail for 60 minutes, but I will keep trying". And after a
> >> successfull transmit I'd like to get a mail like "I did it, finally!"
> >
> > The delayed notification normally happens after 24hrs. Look at the
> > delay_warning option. There is no support for success notifications.
>
> I couldn't find this is the documentation, so I just tried. When I put
> the following line before the first "begin" keyword exim comes up
> without any errors, so I hope, it was correct ;)


Look for "spec.txt", it's the complete Exim Specification, in plain-text
form. Then you can use your text-viewer's search facility to search for
strings within that. Eg, with less(1) you have the '/' key to search
for a pattern (a regex, by default).

> delay_warning = 1h:3h:5h:8h:12h:24h:48h
>
> Will this do the job? And again: How can I check?


I believe that it will work. You would test, again, by having a second
mail-server which you control and which issues temporary errors for an
address under your control.


[ SNIP the SpamAssassin stuff, which I don't use and we're hoping
someone else on the list chimes in ]

> Hehe - I think I wanted to write "those" - but, in dead, "these" sounds
> better :P


In death, only vampires are listening. Indeed, English is a weird
language.

-Phil