Op 1/2/2018 om 10:48 PM schreef Daniel Kenzelmann: > Hi, > > I'm not entirely sure whether this issue is with exim or with dovecot. > > First some background: > I'm using exim with dovecot-auth which in turn is using LDAP for > authentication. > > When using AUTH PLAIN with the optional initial response argument, > everything is fine. > > However when using AUTH PLAIN without the optional response argument, > instead of getting an empty challenge ("334 ") as per RFC i am getting > a "535 Incorrect authentication data". > > Example: > Working: > 220 XXXX ESMTP 2018-01-02 22:32:33+0100 > EHLO test > 250-XXXX Hello XXXXX [x.x.x.x] > 250-SIZE 52428800 > 250-8BITMIME > 250-PIPELINING > 250-AUTH PLAIN LOGIN > 250-CHUNKING > 250 HELP > AUTH PLAIN XXXXXXXXXXXXXXXXXXXXXXXX== > 235 Authentication succeeded > > NOT-WORKING: > 220 XXXX ESMTP 2018-01-02 22:34:37+0100 > EHLO test > 250-XXXX Hello XXXXX [x.x.x.x] > 250-SIZE 52428800 > 250-8BITMIME > 250-PIPELINING > 250-AUTH PLAIN LOGIN > 250-CHUNKING > 250 HELP > AUTH PLAIN > 535 Incorrect authentication data > > > Here the SASL mechanism should return an empty challenge as per RFC > (i.e. "334 " in SMTP):
This is a an error produced by Exim. I find the Exim error handling in Exim's implementation of the AUTH command rather peculiar. Still, I managed to decipher at least part of it. That error is produced when FAIL status is returned from the driver: https://github.com/Exim/exim/blob/master/src/src/smtp_in.c#L3665 This FAIL status can be returned by the driver itself, but -- in this case more likely -- the Dovecot driver in Exim also returns FAIL status when Dovecot auth service returns "FAIL": https://github.com/Exim/exim/blob/master/src/src/auths/dovecot.c#L472 So, this may very well be an issue triggered by Dovecot. What version of Dovecot is this? Some things were modified in initial response handling recently (v2.3) and I may have messed up something. Does Dovecot log anything interesting with auth_verbose and auth_debug enabled? Regards, Stephan.