Re: [exim] Exim4 sends STMP MAIL after failed AUTH

Author: Phil Pennock
Date:
To: James Phillips
CC: exim-users
Subject: Re: [exim] Exim4 sends STMP MAIL after failed AUTH
On 2008-10-19 at 23:32 -0400, James Phillips wrote:
> While troubleshooting my mail configuration, I found what I believe to be bugs
> at the link, session and application layers. Relevant to this list is the
> application layer. I am trying to use Exim4 in SMTP client mode.
>
> After receiving "535 authentication failed (#5.7.1)" from the server, my
> computer responds with: "MAIL FROM: <nephill#X#icrossroads.com> SIZE=1633\r\n"


There are so many set-ups which advertise authentication and clients
configured to try authentication always that hard-failing on failed
auth, by default, would reduce deliverability. It sucks, but it's the
real world. So in Exim you need to turn on the requirement that
authentication succeed. This is similar to the situation with TLS and
hosts_require_tls.

The Router which handles mail for this destination needs to use a
Transport which has (a) an "smtp" driver and (b) hosts_require_auth set
to a hostlist (or a string expansion resulting in a hostlist).

You can most easily do this by just changing the remote_smtp Transport
and just adding this option, but then you need to track hosts.

If you know that a particular Router handles all mail down this path,
then you set it to use a new Transport remote_smtp_authreq which is a
clone of remote_smtp but which sets "hosts_require_auth = *".

Regards,
-Phil

+------------------+---------+----------------+--------------+
|hosts_require_auth|Use: smtp|Type: host list*|Default: unset|
+------------------+---------+----------------+--------------+

This option provides a list of servers for which authentication must succeed
before Exim will try to transfer a message. If authentication fails for servers
which are not in this list, Exim tries to send unauthenticated. If
authentication fails for one of these servers, delivery is deferred. This
temporary error is detectable in the retry rules, so it can be turned into a
hard failure if required. See also hosts_try_auth, and chapter 33 for details
of authentication.
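
The set-up described in the message above, as an added configuration sketch that is not part of the original post or of Exim's shipped configuration. The router name smarthost_authreq, the host smarthost.example.net, the +local_domains list and the retry timings are assumptions for illustration; remote_smtp_authreq is the transport name the message proposes.

```exim
# --- routers section -------------------------------------------------
# Hypothetical router that handles all mail going to the relay which
# demands authentication. It hands messages to the strict transport.
smarthost_authreq:
  driver = manualroute
  domains = ! +local_domains          # assumes a local_domains named list
  transport = remote_smtp_authreq
  route_list = * smarthost.example.net   # placeholder host

# --- transports section ----------------------------------------------
# Default behaviour: hosts_require_auth is unset, so after a failed AUTH
# (e.g. a 535 reply) Exim carries on and sends MAIL FROM unauthenticated.
remote_smtp:
  driver = smtp

# Clone of remote_smtp that refuses to continue without a successful
# AUTH. "*" matches every host this transport connects to; a failed
# AUTH now defers the delivery instead of falling back.
remote_smtp_authreq:
  driver = smtp
  hosts_require_auth = *
  # TLS analogue mentioned in the message; optional here:
  # hosts_require_tls = *

# --- retry section ---------------------------------------------------
# The deferral is visible to retry rules as the error "auth_failed".
# Constructed timings: retry every 15 minutes with a 1 hour cutoff, so
# a persistent authentication failure stops being retried for days
# under the general rule. Place this before the catch-all rule.
*   auth_failed   F,1h,15m
```

A client authenticator for the relay must still be defined in the authenticators section; without one, every delivery through remote_smtp_authreq is deferred.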