[exim] login authenticator yielded 13 error

Hi dears, I am very new to this thread.

I do have a problem with exim4 and authentication over a connection to a
smarthost postfix server on port 587.

In fact I have several clients running on Raspbian that are working
well, and some clients running on Ubuntu 12.04 Server that can not send
any mail. T
They connect, they perform the tls transaction but when they come to
authentication, they directly send the mail without authenticating. Both
Raspbian and ubuntu are using exactly the same configuration. but
Raspbian can send mails.

if I use swaks it is working fine on both machines:
-code-
swaks --to ghislain@??? -s smtp.server.re:587 -tls -a LOGIN
-code-

If I use the debugging command to send a mail:
-code-
      sendmail -d+auth+expand  ghislain@???
-code-

Here are a selected part of the logs from the successfull raspbian:
---------------------------------------------------------------------------------------------
server@gaudy-WifiController ~ $ sudo sendmail -d+auth+expand ghislain@???
Exim version 4.80 uid=0 gid=0 pid=9720 D=fbb95dfd
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm 
dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Compiler: GCC [4.6.3]
Library version: GnuTLS: Compile: 2.12.20
                           Runtime: 2.12.20
Library version: PCRE: Compile: 8.30
                         Runtime: 8.31 2012-07-06

ghislain@???: queued for routing
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
routing ghislain@???

--------> smarthost router <--------
local_part=ghislain domain=zzz.eu

set_process_info:  9727 delivering 1ZWjbM-0002Wm-Ti to smtp.server.re 
[193.253.113.53] (ghislain@???)
Transport port=25 replaced by host-specific port=587
Connecting to smtp.server.re [193.253.113.53]:587 ... connected
expanding: $primary_hostname
     result: gaudy-WifiController
    SMTP<< 220 server.re ESMTP Postfix (Ubuntu)
193.253.113.53 in hosts_avoid_esmtp? no (option unset)
    SMTP>> EHLO gaudy-WifiController
    SMTP<< 250-server.re
           250-PIPELINING
           250-SIZE 20971520
           250-ETRN
           250-STARTTLS
           250-ENHANCEDSTATUSCODES
           250-8BITMIME
           250 DSN
193.253.113.53 in hosts_avoid_tls? no (option unset)
    SMTP>> STARTTLS
    SMTP<< 220 2.0.0 Ready to start TLS

gnutls_handshake was successful
cipher: TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128
Have channel bindings cached for possible auth usage.
    SMTP>> EHLO gaudy-WifiController
    SMTP<< 250-server.re
           250-PIPELINING
           250-SIZE 20971520
           250-ETRN
           250-AUTH PLAIN LOGIN
           250-AUTH=PLAIN LOGIN
           250-ENHANCEDSTATUSCODES
           250-8BITMIME
           250 DSN
193.253.113.53 in hosts_require_auth? no (option unset)
expanding: /etc/exim4/passwd.client
     result: /etc/exim4/passwd.client
condition: exists{/etc/exim4/passwd.client}
     result: true
expanding: $host
     result: smtp.server.re
expanding: /etc/exim4/passwd.client
     result: /etc/exim4/passwd.client
search_open: nwildlsearch "/etc/exim4/passwd.client"
search_find: file="/etc/exim4/passwd.client"
    key="smtp.server.re" partial=-1 affix=NULL starflags=0
LRU list:
    :/etc/exim4/passwd.client
    End
internal_search_find: file="/etc/exim4/passwd.client"
    type=nwildlsearch key="smtp.server.re"
file lookup required for smtp.server.re
    in /etc/exim4/passwd.client
smtp.server.re in "smtp.server.re"? yes (matched "smtp.server.re")
lookup yielded: user@???:userpass

expanding: <; ${if exists{/etc/exim4/passwd.client} 
{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$host_address}}}{} }
     result: <; 193.253.113.53
193.253.113.53 in hosts_try_auth? yes (matched "193.253.113.53")
scanning authentication mechanisms

/****************************/
/* from here it differs in ubuntu */
/****************************/

expanding: $tls_cipher
     result: TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128
expanding:
     result:
condition: !eq{$tls_cipher}{}
     result: true
expanding: 1
     result: 1
expanding: :
     result: :
expanding: $host
     result: smtp.server.re
expanding: /etc/exim4/passwd.client
     result: /etc/exim4/passwd.client
search_open: nwildlsearch "/etc/exim4/passwd.client"
    cached open
search_find: file="/etc/exim4/passwd.client"
    key="smtp.server.re" partial=-1 affix=NULL starflags=0
LRU list:
    :/etc/exim4/passwd.client
    End
internal_search_find: file="/etc/exim4/passwd.client"
    type=nwildlsearch key="smtp.server.re"
cached data used for lookup of smtp.server.re
    in /etc/exim4/passwd.client
lookup yielded: user@???:userpass
expanding: $value
     result: user@???:userpass
expanding: 
${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}
     result: user@???:userpass
expanding: \N[\^]\N
     result: [\^]
expanding: ^^
     result: ^^
expanding: 
${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}
     result: user@???:userpass
expanding: $host
     result: smtp.server.re
expanding: /etc/exim4/passwd.client
     result: /etc/exim4/passwd.client
search_open: nwildlsearch "/etc/exim4/passwd.client"
    cached open
search_find: file="/etc/exim4/passwd.client"
    key="smtp.server.re" partial=-1 affix=NULL starflags=0
LRU list:
    :/etc/exim4/passwd.client
    End
internal_search_find: file="/etc/exim4/passwd.client"
    type=nwildlsearch key="smtp.server.re"
cached data used for lookup of smtp.server.re
    in /etc/exim4/passwd.client
lookup yielded: user@???:userpass
expanding: $value
     result: user@???:userpass
expanding: 
${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}
     result: user@???:userpass
expanding: \N[\^]\N
     result: [\^]
expanding: ^^
     result: ^^
expanding: 
${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}
     result: user@???:userpass
expanding: \N([^:]+:)(.*)\N
     result: ([^:]+:)(.*)
expanding: \$2
     result: $2
expanding: $2
     result: userpass
expanding: 
^${extract{1}{:}{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}}^${sg{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}{\N([^:]+:)(.*)\N}{\$2}}
     result: ^user@???^userpass
expanding: ${if 
!eq{$tls_cipher}{}{^${extract{1}{:}{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}}^${sg{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}{\N([^:]+:)(.*)\N}{\$2}}}fail}
     result: ^user@???^userpass
    SMTP>> AUTH PLAIN ************************************
tls_do_write(0xbe7fab68, 49)
gnutls_record_send(SSL, 0xbe7fab68, 49)
outbytes=49
waiting for data on socket
Calling gnutls_record_recv(0xb7569b88, 0xbe7f8b68, 4096)
read response data: size=37
    SMTP<< 235 2.7.0 Authentication successful
plain authenticator yielded 0
    SMTP>> MAIL FROM:<root@gaudy-wificontroller> SIZE=1352 
AUTH=root@gaudy-wificontroller
    SMTP>> RCPT TO:<ghislain@???>
    SMTP>> DATA
tls_do_write(0xbe7fab68, 116)
gnutls_record_send(SSL, 0xbe7fab68, 116)
outbytes=116
waiting for data on socket
Calling gnutls_record_recv(0xb7569b88, 0xbe7f8b68, 4096)
read response data: size=65
    SMTP<< 250 2.1.0 Ok
    SMTP<< 250 2.1.5 Ok
    SMTP<< 354 End data with <CR><LF>.<CR><LF>
    SMTP>> writing message and terminating "."
writing data block fd=6 size=332 timeout=300
tls_do_write(0xb755d230, 332)
gnutls_record_send(SSL, 0xb755d230, 332)
outbytes=332
waiting for data on socket
Calling gnutls_record_recv(0xb7569b88, 0xbe7f8b68, 4096)
read response data: size=37
    SMTP<< 250 2.0.0 Ok: queued as D47198E02EC
journalling ghislain@???
ok=1 send_quit=1 send_rset=0 continue_more=0 yield=0 first_address is NULL
193.253.113.53 in hosts_nopass_tls? no (option unset)
transport_check_waiting entered
    sequence=1 local_max=500 global_max=-1
locking /var/spool/exim4/db/wait-remote_smtp_smarthost.lockfile
locked /var/spool/exim4/db/wait-remote_smtp_smarthost.lockfile
EXIM_DBOPEN(/var/spool/exim4/db/wait-remote_smtp_smarthost)
returned from EXIM_DBOPEN
opened hints database /var/spool/exim4/db/wait-remote_smtp_smarthost: 
flags=O_RDWR
dbfn_read: key=smtp.server.re
no messages waiting for smtp.server.re
    SMTP>> QUIT

Here area selected part of the logs from the problematic ubuntu:
--------------------------------------------------------------------------------------------
server@eberlin-Camera-Server:/etc/exim4$ sudo sendmail -d+auth+expand 
ghislain@???
Exim version 4.82 uid=0 gid=0 pid=6903 D=fbb95dfd
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm 
dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Compiler: GCC [4.8.2]
Library version: GnuTLS: Compile: 2.12.23
                           Runtime: 2.12.23
Library version: PCRE: Compile: 8.31
                         Runtime: 8.31 2012-07-06

ghislain@???: queued for routing
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
routing ghislain@???

--------> smarthost router <--------
local_part=ghislain domain=zzz.eu

set_process_info:  6909 delivering 1ZWkLn-0001nL-Mh to smtp.server.re 
[193.253.113.53] (ghislain@???)
Transport port=25 replaced by host-specific port=587
Connecting to smtp.server.re [193.253.113.53]:587 ... connected
expanding: $primary_hostname
     result: eberlin-Camera-Server
    SMTP<< 220 server.re ESMTP Postfix (Ubuntu)
193.253.113.53 in hosts_avoid_esmtp? no (option unset)
    SMTP>> EHLO eberlin-Camera-Server
    SMTP<< 250-server.re
           250-PIPELINING
           250-SIZE 20971520
           250-ETRN
           250-STARTTLS
           250-ENHANCEDSTATUSCODES
           250-8BITMIME
           250 DSN
193.253.113.53 in hosts_avoid_tls? no (option unset)
    SMTP>> STARTTLS
    SMTP<< 220 2.0.0 Ready to start TLS

gnutls_handshake was successful
cipher: TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128
Have channel bindings cached for possible auth usage.
    SMTP>> EHLO eberlin-Camera-Server
    SMTP<< 250-server.re
           250-PIPELINING
           250-SIZE 20971520
           250-ETRN
           250-AUTH PLAIN LOGIN
           250-AUTH=PLAIN LOGIN
           250-ENHANCEDSTATUSCODES
           250-8BITMIME
           250 DSN
193.253.113.53 in hosts_require_auth? no (option unset)
expanding: /etc/exim4/passwd.client
     result: /etc/exim4/passwd.client
condition: exists{/etc/exim4/passwd.client}
     result: true
expanding: $host
     result: smtp.server.re
expanding: /etc/exim4/passwd.client
     result: /etc/exim4/passwd.client
search_open: nwildlsearch "/etc/exim4/passwd.client"
search_find: file="/etc/exim4/passwd.client"
    key="smtp.server.re" partial=-1 affix=NULL starflags=0
LRU list:
    :/etc/exim4/passwd.client
    End
internal_search_find: file="/etc/exim4/passwd.client"
    type=nwildlsearch key="smtp.server.re"
file lookup required for smtp.server.re
    in /etc/exim4/passwd.client
smtp.server.re in "*"? yes (matched "*")
lookup yielded: user@???:userpass

expanding: <; ${if exists{/etc/exim4/passwd.client} 
{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$host_address}}}{} }
     result: <; 193.253.113.53
193.253.113.53 in hosts_try_auth? yes (matched "193.253.113.53")
scanning authentication mechanisms

/*********************/
/* here starts the error */
/*********************/

expanding: $tls_cipher
     result:
expanding:
     result:
condition: !eq{$tls_cipher}{}
     result: false
expanding: 1
     result: 1
skipping: result is not used
expanding: :
     result: :
skipping: result is not used
expanding: $host
     result:
skipping: result is not used
expanding: /etc/exim4/passwd.client
     result: /etc/exim4/passwd.client
skipping: result is not used
expanding: $value
     result:
skipping: result is not used
expanding: 
${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}
     result:
skipping: result is not used
expanding: \N[\^]\N
     result: [\^]
skipping: result is not used
expanding: ^^
     result: ^^
skipping: result is not used
expanding: 
${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}
     result:
skipping: result is not used
expanding: $host
     result:
skipping: result is not used
expanding: /etc/exim4/passwd.client
     result: /etc/exim4/passwd.client
skipping: result is not used
expanding: $value
     result:
skipping: result is not used
expanding: 
${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}
     result:
skipping: result is not used
expanding: \N[\^]\N
     result: [\^]
skipping: result is not used
expanding: ^^
     result: ^^
skipping: result is not used
expanding: 
${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}
     result:
skipping: result is not used
expanding: \N([^:]+:)(.*)\N
     result: ([^:]+:)(.*)
skipping: result is not used
expanding: \$2
     result: $2
skipping: result is not used
expanding: 
^${extract{1}{:}{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}}^${sg{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}{\N([^:]+:)(.*)\N}{\$2}}
     result: ^^
skipping: result is not used
failed to expand: ${if 
!eq{$tls_cipher}{}{^${extract{1}{:}{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}}^${sg{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}{\N([^:]+:)(.*)\N}{\$2}}}fail}
     error message: "if" failed and "fail" requested
failure was forced
plain authenticator yielded 13
expanding: $tls_cipher
     result:
expanding:
     result:
expanding: $host
     result:
skipping: result is not used
expanding: /etc/exim4/passwd.client
     result: /etc/exim4/passwd.client
skipping: result is not used
expanding: $value
     result:
skipping: result is not used
expanding: 
${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}
     result:
skipping: result is not used
expanding: \N[\^]\N
     result: [\^]
skipping: result is not used
expanding: ^^
     result: ^^
skipping: result is not used
expanding: 
${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}
     result:
skipping: result is not used
expanding:
     result:
skipping: result is not used
condition: 
and{{!eq{$tls_cipher}{}}{!eq{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}{}}}
     result: false
expanding:
     result:
skipping: result is not used
failed to expand: ${if 
and{{!eq{$tls_cipher}{}}{!eq{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}{}}}{}fail}
     error message: "if" failed and "fail" requested
failure was forced
login authenticator yielded 13
    SMTP>> MAIL FROM:<root@eberlin-camera-server> SIZE=1356
    SMTP>> RCPT TO:<ghislain@???>
    SMTP>> DATA
tls_do_write(0x7fff09542910, 86)
gnutls_record_send(SSL, 0x7fff09542910, 86)
outbytes=86
waiting for data on socket
Calling gnutls_record_recv(0x7eff9ee97fb0, 0x7fff09543d10, 4096)
read response data: size=105
    SMTP<< 250 2.1.0 Ok
    SMTP<< 554 5.7.1 <ghislain@???>: Relay access denied
    SMTP<< 554 5.5.1 Error: no valid recipients
SMTP error from remote mail server after pipelined DATA: host 
smtp.server.re [193.253.113.53]: 554 5.5.1 Error: no valid recipients
error for DATA ignored: pipelining is in use and there were no good 
recipients
ok=1 send_quit=1 send_rset=1 continue_more=0 yield=0 first_address is NULL
193.253.113.53 in hosts_nopass_tls? no (option unset)
transport_check_waiting entered
    sequence=1 local_max=500 global_max=-1
locking /var/spool/exim4/db/wait-remote_smtp_smarthost.lockfile
locked /var/spool/exim4/db/wait-remote_smtp_smarthost.lockfile
EXIM_DBOPEN(/var/spool/exim4/db/wait-remote_smtp_smarthost)
returned from EXIM_DBOPEN
opened hints database /var/spool/exim4/db/wait-remote_smtp_smarthost: 
flags=O_RDWR
dbfn_read: key=smtp.server.re
no messages waiting for smtp.server.re
    SMTP>> QUIT

You can see that the problem strats with tls_cipher related stuff, I
have been the whole day googling and debugging,now I need help please.

Thanks a lot

--
Ghislain AUTRET
Gérant Ingénieur R&D Domot'île
tel: +262 (0)692 48 74 55
web: http://www.domotile.re
Domot'île
37 rue du Général De Gaulle
97434 St Gilles les bains



---
L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel antivirus Avast.
https://www.avast.com/antivirus