Re: [exim] Synchronising Authentication Between Servers

Top Pagina
Delete this message
Reply to this message
Auteur: Colin
Datum:  
Aan: exim-users
Onderwerp: Re: [exim] Synchronising Authentication Between Servers

On 11/10/2011 18:37, Todd Lyons wrote:
> On Tue, Oct 11, 2011 at 7:51 AM, Colin<exim@???> wrote:
>> If the authentication is handled by the original backend server, they work
>> fine but if I use the authenticator on the front end servers it may or may
>> not work. The problem is consistent in that the same details will fail all
>> the time on a particular server. It is inconsistent in that the details that
>> fail on one server will succeed on a different server.
> This symptom sounds suspiciously like something is hitting a limit.
> Max open sockets, max open files, max file length. But there is
> nothing that you've posted that makes me believe that is what is
> happening. Could it be that the second server is limiting the
> simultaneous number of connections from the front end server? I
> assume that exim doesn't log anything in the panic log.


Good thought but no, I keep an eye on the number of connections versus
things like smtp_accept_max and I have a monitoring script running that
reports back to me if anything is ever complaining of too many
connections. That happened recently because a backup MX server kept
trying to deliver a message to itself so I know they work.

The panic log only has a line in it from when I made a typo in the conf
file when testing.

> The consistency with which it does this on one account definitely
> means something. If you hexdump the password file, do they have
> different line-endings?

I've never really used hexdump, but the files are generated as follows:
1) Script runs on source server one (Centos 5.7, Exim 4.69), generates a
user/password list in an iscsi partition.
2) Script runs on source server two (Centos 6, Exim 4.69) , generates a
separate user/password list in the same partition
3) Third script runs and cat's the two into one file before removing the
two separate files
4) The mail servers (Centos 6, Exim 4.72) copy the resulting password
file from the iscsi partition to /etc/exim/passwd

There is a minor difference in Exim version because the source servers
are cPanel servers and cPanel is at 4.69. The front end mail servers
were built recently from a Centos 6 minimal install.

The usernames and passwords are extracted from a number of passwd/shadow
files that cPanel stores in /home/username/etc/domain.tld

The main difference is that the cPanel usernames do not contain the
domain name and authentication is handled by the courier auth daemon. My
collection script builds the new file from the extracted data. I'm going
to go and check the collection script again to make sure there's no
errors in it because that seems the best candidate for now..

> Extraneous spaces? If you are saying that
> the files are identical with the same md5sum, it's likely that this
> has no bearing on it. (Assuming that the two are the same OS, using
> the same version of exim, using an identical file, etc).
>
> Regards...     Todd