Re: [exim] Authentication returns code 435 instead of 535

Top Page
Delete this message
Reply to this message
Author: Yves Goergen
Date:  
To: Marius Schwarz, Yves Goergen via Exim-users, Jeremy Harris
Subject: Re: [exim] Authentication returns code 435 instead of 535
The authenticators you saw in my first message are all there is. Only
PAM, for the PLAIN and LOGIN variants, nothing else. And I'm not aware
that my PAM module fails here. According to its syslog output, it
actually returns PAM_AUTH_ERR in a recent case that resulted in 435.

I think I found the relevant source code here:
https://github.com/Exim/exim/blob/master/src/src/auths/call_pam.c

The last few lines (from 194) seem to do this. I have no chance to
change it, all my negative return values result in the return value
FAIL. This function can only return OK, FAIL or ERROR. When happens then
is up to the calling code inside Exim, I couldn't trace that. Maybe it
always considers an authentication failure temporary and my expectations
are wrong? I just wouldn't assume that credentials would change anytime
soon so a permanent return code would be more appropriate here.

-Yves


-------- Ursprüngliche Nachricht --------
Von: Marius Schwarz via Exim-users <exim-users@???>
Gesendet: Dienstag, 29. Dezember 2020, 17:21 MEZ
Betreff: [exim] Authentication returns code 435 instead of 535

Hi,

Sounds like you have two auth methodes and methode2 is only used when
methode1 fails.

This happens i.e. if mysql and pam are used together.


Best regards,
Marius

Am December 29, 2020 4:11:23 PM UTC schrieb Yves Goergen via Exim-users
<exim-users@???>:
Strange, then why does authentication work fine with correct data? It's

only the incorrect data (decided by a separate server which is
contacted
by my PAM module) that causes a temporary error code in Exim instead of

a permanent. I don't understand the rest of the message Exim writes, I
have no idea where it all comes from. Do I need to know that?

-Yves


-------- Ursprüngliche Nachricht --------
Von: Jeremy Harris via Exim-users <exim-users@???>
Gesendet: Dienstag, 29. Dezember 2020, 01:26 MEZ
Betreff: [exim] Authentication returns code 435 instead of 535

On 29/12/2020 00:05, Yves Goergen via Exim-users wrote:
I see a lot of lines like this in the mainlog:

2020-12-27 20:04:00 login authenticator failed for (USER)
[199.192.16.253]: 435 Unable to authenticate at present
(set_id=scanner@???): Permission denied

So it returns the temporary code 435 instead of the permanent code 535.

Why's that? I'm using the suggested config from the Exim manual. Should

there be a "fail" or "false" somewhere in the expansion?

Depending on your OS, you may have a permissions issue. Note the last
para.
in the docs for the pam expansion condition, and also

      http://wiki.wlug.org.nz/EximSmtpAuth




--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/