Re: [exim] Diagnosing problems authenticating as a client

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Diagnosing problems authenticating as a client
On 09/07/2019 00:52, Boylan, Ross via Exim-users wrote:
> I am trying to use exim as a client with my school's email provider, microsoft, as the server.
> Setups very similar to what I'm using worked a few months ago.
>
> My immediate question is whether the transcript at the bottom gives any clues about the problem. In particular, does the absence of a user account from the transcript mean it is not attempting to login as me? That would be consistent with the error message


No. It's there, in the "************" bits.

> 530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM [BYAPR08CA0053.namprd08.prod.outlook.com]


Searching the web gives a variety of answers; none seem very
satisfactory...

Some say "use port 25 not 587". One says "it started working again
after I changed the account password" (!).


> 2. Campus has introduced two-factor authentication with Duo (after the usual login you have to give a one-time code, usually received on your cell). I had hoped that wouldn't affect the email over SMTP, but it may have. Since my exim server is not wired up to support this, that would cause a failure. Does the fact that there are apparently two separate transmissions of gibberish at authentication time indicate two different "passwords" are being required? I have a feeling the first one may just be an encoded version of my account name (see concern 1).


Yes; account name and password can travel separately. The data is only base64-
encoded; not secure at that level. But it is wrapped in the TLS connection,
as is good practice, so that's fine.

However:

> 14:55:50 SMTP<< 535 5.7.3 Authentication unsuccessful [BYAPR04CA0001.namprd04.prod.outlook.com]


They were not liked. Check them / get them reset / find out
what their new requirements are.

It's not going to work without that.

It's pretty stupid of the server to let the client to carry on all
the way to data-completion before spitting a further error, but hey,
Microsoft...    It's legal SMTP.


>
> 3. Toward the end: "cannot use sendfile for body: spoolfile not wireformat".


This bit, at least, does not indicate a problem. It's only commentary
on Exim's internal operations.

> 4. The list of authenticators does not include LOGIN. However, it does have PLAINTEXT, which I imagine is what's used (if that list is relevant at all when exim is the client).


What list where? I see LOGIN being used, in that transcript:

> 14:55:44   SMTP<< 250-BYAPR04CA0001.outlook.office365.com Hello [66.181.128.6]
> 14:55:44          250-SIZE 157286400
> 14:55:44          250-PIPELINING
> 14:55:44          250-DSN
> 14:55:44          250-ENHANCEDSTATUSCODES
> 14:55:44          250-AUTH LOGIN XOAUTH2              <<<<<<  offered by server


> 14:55:44   SMTP>> AUTH LOGIN                          <<<<<< requested by client


--
Cheers,
Jeremy