Re: [exim] exim4 Versions above about 4.80 Don't Talk to my …

Author: Martin McCormick
Date:  
To: exim-users
Subject: Re: [exim] exim4 Versions above about 4.80 Don't Talk to my ISP's smarthost.

I am replying to 2 postings.

Jeremy Harris via Exim-users <exim-users@???> writes:
> This will be the magic bit, and the syntax looks right, so
> best guess is that you placed it in the wrong place.


    Thank you!
I certainly did but I am not quite good yet.


> Compare that file with:
>
> http://exim.org/exim-html-current/doc/html/spec_html/ch-the_smtp_transport.html#SECID146


That's an excellent resource.

> You're trying to add an option on the transport definition
> for your smarthost. What I don't know is if that's the right
> file for Debian these days; with luck comments in it may help.
> Alternatively, the Debian config-helper may know about
> SSL-on-connect configurations for smarthosts already; you may
> not need to do it manually.


    I double-checked and added it again only this time, I did
put it in the right place which is the very bottom of the file
and it actually now gets me logged in for the first time but read
on as I now uncovered another much less serious problem but still
a show-stopper.


    Responding to another poster:



Heiko Schlittermann via Exim-users <exim-users@???> writes:
> Try
>
>     $ exim -bP config

>
> and check the output, maybe you even can send us the transport section
> from the output. Do you have multiple transports defined there?


    Here it is and there is only 1 besides local.


    transport = remote_smtp


  smarthost:
    debug_print = "R: smarthost for $local_part@$domain"
    driver = manualroute
    domains = ! +local_domains
    transport = remote_smtp_smarthost
    route_list = * smtp.suddenlink.net::465 byname
    host_find_failed = ignore
    same_domain_copy_routing = yes
    no_more
    COND_LOCAL_SUBMITTER = "${if match_ip{$sender_host_address}{:@[]}{1}{0}}"


  real_local:
    debug_print = "R: real_local for $local_part@$domain"
    driver = accept
    domains = +local_domains
    condition = "${if match_ip{$sender_host_address}{:@[]}{1}{0}}"
    local_part_prefix = real-
    check_local_user
    transport = mail_spool


  system_aliases:
    debug_print = "R: system_aliases for $local_part@$domain"
    driver = redirect
    domains = +local_domains
    allow_fail
    allow_defer
    data = ${lookup{$local_part}lsearch{/etc/aliases}}


    While I am at it, I did see a note about a variable
called keep_environment and it is now set as follows:


keep_environment =

It appears to not be set.

> (Using protocol = smtps in the outbound transport should switch the
> remote port to "smtps")
>
> What is the output from:
>
>     $ getent services smtps


urd                   465/tcp ssmtp smtps

>
> The log you sent doesn't have any indication about the remote port and
> about using TLS-on-connect.


    Thanks for all the help and for the good questions in
which I am glad to report that now I am being authenticated
correctly up to a point and as I just reported, there is still
one small problem.  Here is the log that almost made good but my
user ID changes as you watch.  It is supposed to be
martin.m@??? but it morphs into just
martin@???.  My user account on this system is martin
and, somehow, martin.m got set back to martin.


    The last part of this long message is the log of the
delivery attempt.  As you see, I do now log in to the smarthost
and the only reason for the failure is that the sender name gets
changed.


    The ISP knows me as martin.m which is why the process
still falls short.  End of message except for the long log.


Exim version 4.89 uid=0 gid=0 pid=20965 D=fbb95cfd

Skipping down to the connection:

Considering: wb5agz@???
unique = wb5agz@???
dbfn_read: key=R:arrl.net
dbfn_read: key=R:wb5agz@???
dbfn_read: key=R:wb5agz@???:<martin@localhost>
no domain retry record
no address retry record
wb5agz@???: queued for routing
closed hints database and lockfile
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

routing wb5agz@???

> hubbed_hosts router <


local_part=wb5agz domain=arrl.net
checking domains
expansion of "${if exists{/etc/exim4/hubbed_hosts}{partial-lsearch;/etc/exim4/hubbed_hosts}fail}" forced failure: assume not in this list
hubbed_hosts router skipped: domains mismatch

> smarthost router <


local_part=wb5agz domain=arrl.net
checking domains
arrl.net in "@:localhost"? no (end of list)
arrl.net in "! +local_domains"? yes (end of list)
R: smarthost for wb5agz@???
calling smarthost router
smarthost router called for wb5agz@???
domain = arrl.net
route_item = * smtp.suddenlink.net::465 byname
arrl.net in "*"? yes (matched "*")
original list of hosts = "smtp.suddenlink.net::465" options = byname
expanded list of hosts = "smtp.suddenlink.net::465" options = byname
set transport remote_smtp_smarthost
finding IP address for smtp.suddenlink.net:465
host=smtp.suddenlink.net port=465
calling host_find_byname
gethostbyname2(af=inet6) returned 4 (NO_DATA)
fully qualified name = smtp.suddenlink.net
gethostbyname2 looked up these IP addresses:
name=smtp.suddenlink.net address=208.180.40.68
queued for remote_smtp_smarthost transport: local_part = wb5agz
domain = arrl.net
errors_to=NULL
domain_data=NULL localpart_data=NULL
routed by smarthost router
envelope to: wb5agz@???
transport: remote_smtp_smarthost
host smtp.suddenlink.net [208.180.40.68] port=465
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

After routing:
  Local deliveries:
  Remote deliveries:
    wb5agz@???
  Failed addresses:
  Deferred addresses:
search_tidyup called

>>>>>>>>>>>>>>>> Remote deliveries >>>>>>>>>>>>>>>>


> wb5agz@??? <


localhost in "@:localhost"? yes (matched "localhost")
localhost in "+local_domains"? yes (matched "+local_domains")
search_tidyup called
set_process_info: 20965 delivering 1fOXzA-0005Rr-UG: waiting for a remote delivery subprocess to finish
selecting on subprocess pipes
changed uid/gid: remote delivery to wb5agz@??? with transport=remote_smtp_smarthost
uid=108 gid=111 pid=20967
auxiliary group list: <none>
set_process_info: 20967 delivering 1fOXzA-0005Rr-UG using remote_smtp_smarthost
T: remote_smtp_smarthost for wb5agz@???
remote_smtp_smarthost transport entered
wb5agz@???
hostlist:
smtp.suddenlink.net:465
checking status of smtp.suddenlink.net
locking /var/spool/exim4/db/retry.lockfile
locked /var/spool/exim4/db/retry.lockfile
EXIM_DBOPEN(/var/spool/exim4/db/retry)
returned from EXIM_DBOPEN
opened hints database /var/spool/exim4/db/retry: flags=O_RDONLY
dbfn_read: key=T:smtp.suddenlink.net:208.180.40.68:465
dbfn_read: key=T:smtp.suddenlink.net:208.180.40.68:465:1fOXzA-0005Rr-UG
closed hints database and lockfile
no message retry record
smtp.suddenlink.net [208.180.40.68]:465 status = usable
208.180.40.68 in serialize_hosts? no (option unset)
delivering 1fOXzA-0005Rr-UG to smtp.suddenlink.net [208.180.40.68] (wb5agz@???)
set_process_info: 20967 delivering 1fOXzA-0005Rr-UG to smtp.suddenlink.net [208.180.40.68] (wb5agz@???)
Transport port=465 replaced by host-specific port=465
Connecting to smtp.suddenlink.net [208.180.40.68]:465 ... 208.180.40.68 in hosts_try_fastopen? no (option unset)
connected
208.180.40.68 in hosts_avoid_esmtp? no (option unset)
208.180.40.68 in hosts_require_ocsp? no (option unset)
208.180.40.68 in hosts_request_ocsp? yes (matched "*")
initialising GnuTLS as a client on fd 7
GnuTLS global init required.
initialising GnuTLS client session
Expanding various TLS configuration options for session credentials.
TLS: no client certificate specified; okay
Added 166 certificate authorities.
GnuTLS using default session cipher/priority "NORMAL"
Setting D-H prime minimum acceptable bits to 1024
208.180.40.68 in tls_verify_hosts? no (option unset)
208.180.40.68 in tls_try_verify_hosts? yes (matched "*")
208.180.40.68 in tls_verify_cert_hostnames? yes (matched "*")
TLS: server cert verification includes hostname: "smtp.suddenlink.net".
TLS: server certificate verification optional.
TLS: will request OCSP stapling
about to gnutls_handshake
gnutls_handshake was successful
TLS certificate verified: peerdn="C=US,ST=New York,L=Bethpage,O=Neptune Holding US Corp.,CN=webmail.suddenlink.net"
cipher: TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256
Have channel bindings cached for possible auth usage.
Calling gnutls_record_recv(0x215c9d0, 0xbf8e3584, 4096)
read response data: size=130
SMTP<< 220 omta03.suddenlink.net ESMTP server (InterMail vM.8.04.03.22 201-2389-100-167-20150619) ready Thu, 31 May 2018 19:33:33 -0500
SMTP>> EHLO wb5agz

cmd buf flush 13 bytes
tls_do_write(0xbf8e4584, 13)
gnutls_record_send(SSL, 0xbf8e4584, 13)
outbytes=13
Calling gnutls_record_recv(0x215c9d0, 0xbf8e3584, 4096)
read response data: size=167
  SMTP<< 250-omta03.suddenlink.net
         250-HELP
         250-XREMOTEQUEUE
         250-ETRN
         250-AUTH=LOGIN PLAIN
         250-AUTH LOGIN PLAIN
         250-PIPELINING
         250-DSN
         250-8BITMIME
         250 SIZE 52428800
208.180.40.68 in hosts_avoid_pipelining? no (option unset)
using PIPELINING
using DSN
208.180.40.68 in hosts_require_auth? no (option unset)
search_open: nwildlsearch "/etc/exim4/passwd.client"
search_find: file="/etc/exim4/passwd.client"
  key="smtp.suddenlink.net" partial=-1 affix=NULL starflags=0
LRU list:
  :/etc/exim4/passwd.client
  End
internal_search_find: file="/etc/exim4/passwd.client"
  type=nwildlsearch key="smtp.suddenlink.net"
file lookup required for smtp.suddenlink.net
  in /etc/exim4/passwd.client
smtp.suddenlink.net in "*.suddenlink.net"? yes (matched "*.suddenlink.net")
lookup yielded: martin.m@???:PW_PW
208.180.40.68 in hosts_try_auth? yes (matched "208.180.40.68")
scanning authentication mechanisms
search_open: nwildlsearch "/etc/exim4/passwd.client"
  cached open
search_find: file="/etc/exim4/passwd.client"
  key="smtp.suddenlink.net" partial=-1 affix=NULL starflags=0
LRU list:
  :/etc/exim4/passwd.client
  End
internal_search_find: file="/etc/exim4/passwd.client"
  type=nwildlsearch key="smtp.suddenlink.net"
cached data used for lookup of smtp.suddenlink.net
  in /etc/exim4/passwd.client
lookup yielded: martin.m@???:PW_PW
search_open: nwildlsearch "/etc/exim4/passwd.client"
  cached open
search_find: file="/etc/exim4/passwd.client"
  key="smtp.suddenlink.net" partial=-1 affix=NULL starflags=0
LRU list:
  :/etc/exim4/passwd.client
  End
internal_search_find: file="/etc/exim4/passwd.client"
  type=nwildlsearch key="smtp.suddenlink.net"
cached data used for lookup of smtp.suddenlink.net
  in /etc/exim4/passwd.client
lookup yielded: martin.m@???:PW_PW

SMTP>> AUTH PLAIN ********************************************

cmd buf flush 57 bytes
tls_do_write(0xbf8e4584, 57)
gnutls_record_send(SSL, 0xbf8e4584, 57)
outbytes=57
Calling gnutls_record_recv(0x215c9d0, 0xbf8e3584, 4096)
read response data: size=31
SMTP<< 235 Authentication successful
plain authenticator yielded 0
SMTP>> MAIL FROM:<martin@???> SIZE=1541 AUTH=martin@localhost
SMTP>> RCPT TO:<wb5agz@???>
SMTP>> DATA

cmd buf flush 100 bytes
tls_do_write(0xbf8e4584, 100)
gnutls_record_send(SSL, 0xbf8e4584, 100)
outbytes=100
Calling gnutls_record_recv(0x215c9d0, 0xbf8e3584, 4096)
read response data: size=177
SMTP<< 250 Sender <martin@???> and extensions (SIZE=1541, AUTH=martin@localhost) Ok

There's where the wheels came off this time. That should have
been martin.m@???

SMTP<< 550 you are not allowed to send mail to <wb5agz@???>
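
Added example, not part of the original message or of Exim: a small Python check that reads an `exim -d` delivery trace like the one above and reports the login taken from `passwd.client`, the envelope sender actually sent in `MAIL FROM`, and whether TLS verification and authentication were only optional. The function name `audit_exim_debug`, the finding labels and the `example.net` domain (standing in for the addresses the archive masks as `???`) are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the debug lines in the message above;
# example.net replaces the domains the archive shows as "???".
SAMPLE_LOG = """\
208.180.40.68 in tls_verify_hosts? no (option unset)
208.180.40.68 in tls_try_verify_hosts? yes (matched "*")
TLS: server certificate verification optional.
208.180.40.68 in hosts_require_auth? no (option unset)
lookup yielded: martin.m@example.net:PW_PW
208.180.40.68 in hosts_try_auth? yes (matched "208.180.40.68")
SMTP<< 235 Authentication successful
SMTP>> MAIL FROM:<martin@example.net> SIZE=1541 AUTH=martin@localhost
SMTP<< 550 you are not allowed to send mail to <wb5agz@example.net>
"""


def audit_exim_debug(log: str) -> dict:
    """Summarise TLS, AUTH and envelope-sender facts from an `exim -d` trace."""
    report = {"auth_id": None, "envelope_sender": None,
              "authenticated": False, "findings": []}
    for line in log.splitlines():
        line = line.strip()
        if m := re.match(r"lookup yielded: ([^:\s]+):", line):
            # Keep only the login from passwd.client; the password is never stored.
            report["auth_id"] = m.group(1)
        elif m := re.match(r"SMTP>> MAIL FROM:<([^>]*)>", line):
            report["envelope_sender"] = m.group(1)
        elif re.match(r"SMTP<< 235\b", line):
            report["authenticated"] = True
        elif line == "TLS: server certificate verification optional.":
            # Certificate checked via tls_try_verify_hosts, not tls_verify_hosts.
            report["findings"].append("tls-verify-optional")
        elif re.search(r" in hosts_require_auth\? no\b", line):
            # AUTH is attempted (hosts_try_auth) but not mandatory for this host.
            report["findings"].append("auth-not-required")
        elif m := re.match(r"SMTP<< (5\d\d) ", line):
            report["findings"].append(f"rejected:{m.group(1)}")
    auth_id, sender = report["auth_id"], report["envelope_sender"]
    if auth_id and sender and auth_id.lower() != sender.lower():
        report["findings"].append("sender-differs-from-auth-id")
    return report


if __name__ == "__main__":
    result = audit_exim_debug(SAMPLE_LOG)
    print("login:", result["auth_id"], "| MAIL FROM:", result["envelope_sender"])
    for finding in result["findings"]:
        print("finding:", finding)
```
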