[exim-dev] [Bug 823] New: exim does not perform smtp authent…

Author: Jaco Kroon
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 823] New: exim does not perform smtp authentication when performing callouts

http://bugs.exim.org/show_bug.cgi?id=823
           Summary: exim does not perform smtp authentication when
                    performing callouts
           Product: Exim
           Version: 4.69
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: bug
          Priority: high
         Component: SMTP Authentication
        AssignedTo: nigel@???
        ReportedBy: jaco@???
                CC: exim-dev@???



I'm using exim for a setup where I've got a host on a fixed IP, to which the MX
records are pointing. I'm then forwarding some of these addresses to a host on
a dynamic IP. For this reason I'm using authentication in order to prevent
certain dyndns issues (like a dangling record pointing at some other host).
The dynamic IP also rejects all delivery attempts on non-authenticated
connections.

On the MX host, I've got "require verify = recipient" in my RCPT TO ACL.

My virtual_user transport will then "rewrite" the addresses to intended
targets, e.g., jaco@??? will get rewritten to jaco@???. At
this stage exim will drive jaco@??? to my explicit transport for
atlantis.uls.co.za, which will ask it to relay it via authenticated SMTP to the
intended host.

When performing a recipient callout verification exim will in the above case
actually connect to the intended host and attempt a "bounce delivery" to
jaco@??? without authenticating. Since the destination host
doesn't accept non-authenticated connections the message gets rejected, and
bounced (due to the fact that the callout doesn't perform authentication).

Fortunately, in this case there is a relatively easy workaround: just pretend
that mail.uls.co.za is always authenticated on the recipient host. This does,
however, expose me to dangling IP records again for callout verifications.
Also, I should be able to create a router that "steals" the routing in the case
of verify to only check that the email address exists locally and not cause
SMTP callouts.


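The verify-only router mentioned at the end of the report could look like this on the MX host. This is an added example, not configuration from the report or from the Exim project; the router name, the domain `example.org` and the list file path are hypothetical placeholders.

```exim
# Added example. The router name, domain and file path are hypothetical.

begin routers

# Consulted only during address verification (verify_only), never for
# real deliveries. It must come before the router that forwards mail
# to the dynamic-IP host. A listed recipient verifies successfully
# here and is never routed to a remote smtp transport, so
# "require verify = recipient" does not open an unauthenticated
# callout connection to the authenticated-only host.
verify_forwarded_users:
  driver = accept
  verify_only
  domains = example.org
  # One local part per line. The list has to be kept in step with the
  # mailboxes that actually exist on the destination host.
  local_parts = lsearch;/etc/exim/forwarded_users

# Local parts missing from the list do not match this router, so
# verification carries on with the routers that follow it.
```

Because the check is made against a local list rather than the live destination, it does not depend on the dynamic DNS record pointing at the right host.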