Re: [exim] smarthost login failing

Top Page

Reply to this message
Author: paul cooper
Date:  
To: exim-users
Subject: Re: [exim] smarthost login failing
this is way outside my comfort zone :-0

ive set up a test version on my local machine and when i send from a
client

2012-04-16 18:15:59 [4252] SMTP connection from [::1]:51631 I=[::1]:25
(TCP/IP connection count = 1)
2012-04-16 18:16:00 [4259] 1SJpWy-00016h-Ow <= paul@???
H=twelve-m266 [::1]:51631 I=[::1]:25 P=esmtp S=541
id=1334596559.3882.1@twelve-M266 T="test" from <me@???> for
pxxxx@???
2012-04-16 18:16:00 [4259] SMTP connection from twelve-m266 [::1]:51631
I=[::1]:25 closed by QUIT
2012-04-16 18:16:00 [4262] cwd=/var/spool/exim4 3 args: /usr/sbin/exim4
-Mc 1SJpWy-00016h-Ow
2012-04-16 18:16:02 [4262] 1SJpWy-00016h-Ow == pxxxx@???
R=smarthost_auto T=remote_smtp defer (-53): retry time not reached for
any host
2012-04-16 18:16:26 [4379] cwd=/home/mars 2 args: exim -bp
2012-04-16 18:16:36 [4380] cwd=/home/mars 3 args: exim -M 1SJpWy-00016h-Ow
2012-04-16 18:19:22 [4381] 1SJpWy-00016h-Ow Remote host isp.org
xx.xx.xx.xx] closed connection in response to initial connection
2012-04-16 18:19:22 [4380] 1SJpWy-00016h-Ow == pdc124@???
R=smarthost_auto T=remote_smtp defer (-18): Remote host isp.org
[xx.xx.xx.xx] closed connection in response to initial connection

How can I debug this fro my end ?
Do i need to tell the authenticator to encrypt the username/password it
retrieves from the lookup ?

thanks for any pointers


Ive added a port variable to the data file and can look it up
exim -be
'${extract{port}{${lookup{me@???}wildlsearch{/etc/exim4/smarthosts}{$value}fail}}}'
465



config is now

begin routers

smarthost_auto:
debug_print ="T. auto_route remote_smtp for $local_part@$domain from
$sender_address "
self = send
condition =
${extract{smarthost}{${lookup{$sender_address}wildlsearch*@{/etc/exim4/smarthosts}{$v
alue}fail}}}
driver = manualroute
transport = remote_smtp
route_list = *
"${extract{smarthost}{${lookup{$sender_address}wildlsearch{/etc/exim4/smarthosts}
{$value}fail}}}"
domains = ! +local_domains


begin transports

remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain and $host_address"
driver = smtp
tls_certificate = /etc/exim4/exim.crt
tls_privatekey = /etc/exim4/exim.key
hosts_require_auth = *
port =
${extract{port}{${lookup{me@???}wildlsearch{/etc/exim4/smarthosts}{$value}fail}}}

begin authenticators

login:
driver = plaintext
public_name=LOGIN
client_send = :
"${extract{auth_name}{${lookup{$sender_address}wildlsearch{/etc/exim4/smarthosts}{$value}fail}}}"
:
"${extract{auth_pass}{${lookup{$sender_address}wildlsearch{/etc/exim4/smarthosts}{$value}fail}}}"





On 10/04/12 01:32, Phil Pennock wrote:
> On 2012-04-09 at 17:26 +0100, p cooper wrote:
>> thanks - its now trying to send through the smtp hosts
>>
>> but its trying and failing . The lookups for auth_name and auth_pass (
>> as defined in the authenticator section) from the command line are
>> return the correct values .Its trying to connct to the remote SMTP
>> server but i think the authentication is failing
> You have "hosts_require_auth" on the transport, but it's set only for
> submission/smtps ports; here, you're connecting on port 25.
>
> I would:
>   * use "address_data = ${the wildlsearch stuff}" on the Router
>   * use a Transport which, if it can ${extract...} a "usercode" field
>     from $address_data, tries connecting to port 587 (or even a port
>     field extracted from $address_data)
>   * use "hosts_require_auth = *" on the Transport triggered for this
>     authenticated connection
>   * avoid port numbers in hosts_require_auth, it takes hostnames only
>   * add "client_condition = ${if def:tls_cipher}" to your login
>     authenticator, to ensure you don't send credentials over cleartext
>     (even if server identity is still not verified, you're at least
>     protected against passive attacks)

>
> -Phil
>