[exim] Re: Exim 4.92 to 4.94 upgrade breaking

Author: Cyborg
Date:
To: exim-users
Subject: [exim] Re: Exim 4.92 to 4.94 upgrade breaking
On 27.06.24 at 15:48, Jeff Brown via Exim-users wrote:
>
> 2024-06-27 15:26:07 H=([192.168.1.55]) [165.165.192.254]
> X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no
> F=<jeff@???> rejected RCPT <email@???>: relay not
> permitted
>
>


You already found the cause: your external connection does not use
SMTP-AUTH and you do not trust that host in your config to relay
messages without SMTP-AUTH.


> After upgrading this instance of exim I cannot send an email as an
> authorised user to an outside domain. I get e.g:


If you had been using SMTP-AUTH, the exim log would have told you that
you used user xxxxxxxxxx for sending. It would look like this:

... P=esmtpsa X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no
A=LOGIN:<USERNAME> S=5244 ...

First guess: your client can't auth itself anymore.

Depending on the scheme you used to auth yourself, I would start in
the authenticators section of your conf.

Post the section here IF you used something self-made or out of the scope
of PLAIN or LOGIN, which have examples in the default config.

You can verify that your client is OK by doing a manual auth to the server:

*AUTH LOGIN*
The *LOGIN* mechanism is another common method to log in to an SMTP
server. The SMTP communication example below shows how *AUTH LOGIN* can
be used to make an authenticated login to a server:
S: 220 smtp.server.com Simple Mail Transfer Service Ready
C: EHLO client.example.com
S: 250-smtp.server.com Hello client.example.com
S: 250-SIZE 1000000
S: 250 AUTH LOGIN PLAIN CRAM-MD5
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: adlxdkej
S: 334 UGFzc3dvcmQ6
C: lkujsefxlj
S: 235 2.7.0 Authentication successful

After the AUTH LOGIN command has been sent to the server, the
server asks for username and password by sending BASE64 encoded text
(questions) to the client. “VXNlcm5hbWU6” is the BASE64 encoded text for
the word "Username" and “UGFzc3dvcmQ6” is the BASE64 encoded text for
the word "Password" in the example above. The client sends username and
password also using BASE64 encoding. "adlxdkej", in the example above,
is a BASE64 encoded username and "lkujsefxlj" is a BASE64 encoded password.

I.e. with "openssl s_client -connect server:25 -starttls smtp" and
"echo -n 'password' | base64".

We need to know:

- which auth scheme is in use: PLAIN / LOGIN / CRAM-MD5 etc.
- is your server still advertising it (in the response to EHLO, see above)
- exim config from the section for that scheme


best regards,
Cyborg

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
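
The manual check described in the message above, as an added example that is not part of the original post: shell helpers that build the AUTH LOGIN and AUTH PLAIN strings to paste into the `openssl s_client` session, list the mechanisms in a saved EHLO reply, and pull the A= field out of an Exim log line. The function names, the `exampleuser`/`password` values and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; every credential and sample line here is constructed.

# Base64-encode a value exactly as given. printf '%s' adds no trailing
# newline (plain `echo` does, and `echo -n` is not portable); tr removes
# the line wrapping some base64 tools apply to long input.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Decode a 334 challenge sent by the server.
b64d() { printf '%s' "$1" | base64 -d; }

# AUTH PLAIN initial response: base64(NUL user NUL password), RFC 4616.
auth_plain() { printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'; }

# List the mechanisms advertised in an EHLO reply read from stdin.
# Accepts both "250-AUTH ..." and the final-line form "250 AUTH ...".
advertised_mechs() {
    tr -d '\r' | awk '/^250[- ]AUTH / {
        sub(/^250[- ]AUTH /, "")
        for (i = 1; i <= NF; i++) print $i
    }'
}

# Print the A= field (authenticator:id) of an Exim log line; prints
# nothing when the session was not authenticated.
log_auth_id() { printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^A=//p'; }

# Constructed samples modelled on the lines quoted in the message.
EHLO_REPLY='250-smtp.server.com Hello client.example.com
250-SIZE 1000000
250 AUTH LOGIN PLAIN CRAM-MD5'
LOG_AUTHED='P=esmtpsa X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no A=LOGIN:exampleuser S=5244'
LOG_REJECT='H=([192.0.2.55]) [198.51.100.254] CV=no rejected RCPT <rcpt@example.net>: relay not permitted'

echo "challenges:  $(b64d VXNlcm5hbWU6) $(b64d UGFzc3dvcmQ6)"
echo "AUTH LOGIN:  $(b64 exampleuser) then $(b64 password)"
echo "AUTH PLAIN:  $(auth_plain exampleuser password)"
echo "advertised:  $(printf '%s\n' "$EHLO_REPLY" | advertised_mechs | tr '\n' ' ')"
echo "authed id:   $(log_auth_id "$LOG_AUTHED")"
echo "rejected id: $(log_auth_id "$LOG_REJECT")"
```

Base64 is an encoding, not protection, so send these strings only inside the STARTTLS session. A password passed as a command argument also ends up in shell history.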