Re: [exim] AUTH FAIL not fatal error?

Top Page

Reply to this message
Author: John Jetmore
Date:  
To: Todd Lyons
CC: exim-users, Frank.Elsner
Subject: Re: [exim] AUTH FAIL not fatal error?
On Tue, Apr 24, 2012 at 3:40 PM, Todd Lyons <tlyons@???> wrote:
> On Tue, Apr 24, 2012 at 12:23 PM, Frank Elsner
> <Frank.Elsner@???> wrote:
>>> > Why is this not a fatal error resulting in a non-delivery report:
>>> > 2012-04-24 17:21:03 1SMhY5-0004Nn-Vg == xxxx@??? R=via_egypt T=smtp defer (-42): authentication required but authentication attempt(s) failed
>>>
>>> Is it possible that the remote server returned 4xx codes in response
>>
>> No. It's a 5xx:
>>
>> 2012-04-24 21:16:41 1SMlBZ-0007qG-4j client authenticator failed H=eg-mailfrontend.elgouna.tu-berlin.de [41.128.204.142] 535 Incorrect authentication data
>> 2012-04-24 21:16:41 1SMlBZ-0007qG-4j == xxxx@??? R=via_egypt T=smtp defer (-42): authentication required but authentication attempt(s) failed
>
> This is from the spec file, pay attention to the last sentence:
>
> hosts_require_auth      Use: smtp       Type: host list†        Default: unset
>
> This option provides a list of servers for which authentication must
> succeed before Exim will try to transfer a message. If authentication
> fails for servers which are not in this list, Exim tries to send
> unauthenticated. If authentication fails for one of these servers,
> delivery is deferred. This temporary error is detectable in the retry
> rules, so it can be turned into a hard failure if required.
>
>
> I personally don't use anything more than the most basic retry rules,
> so I do not know how to specifically do that last bit, likely others
> will be able to provide better feedback.



Todd beat me to it, I found the same info but from a different
direction (chapter 33.5, Authenticaction by an Exim client)

If the response to authentication is a permanent error (5xx code),
Exim carries on searching the list
of authenticators and tries another one if possible. If all
authentication attempts give permanent
errors, or if there are no attempts because no mechanisms match (or
option expansions force
failure), what happens depends on whether the host matches
hosts_require_auth or hosts_try_
auth. In the first case, a temporary error is generated, and delivery
is deferred. The error can be
detected in the retry rules, and thereby turned into a permanent error
if you wish. In the second
case, Exim tries to deliver the message unauthenticated.