Dave Evans wrote:
> On Wed, Oct 31, 2007 at 03:26:13PM -0700, Yan Seiner wrote:
>
>> 1. Clients connecting on 25 unauthenticated can send email only to the
>> local domains.
>>
>> 2. Clients requesting relaying must connect encrypted and authenticate.
>>
>> 3. Clients requesting relaying unencrypted are rejected.
>>
>
> Pretty standard...
>
>> I have TLS working so encryption is there but I can't get the
>> authentication to go.
>>
>
> So it sounds like once you've got the authentication working, your relaying
> will be fine too.
>
> However, I think we could do with some more information...
>
> What sort of authentication do you want?

I've been authenticating against PAM, but from what I gather that's not
a good idea.  So a local exim passwd file would be fine.  (I only have a
few users who would request relaying.)

> What does your "authentication"
> config section look like?

# this returns the matching line from passwd.client and doubles all ^
PASSWDLINE=${sg{\
                ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
                }\
                {\\N[\\^]\\N}\
                {^^}\
            }

plain:
  driver = plaintext
  public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "<; ${if !eq{$tls_cipher}{}\
                    {^${extract{1}{:}{PASSWDLINE}}\
                     ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
                   }fail}"
.else
  client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
                    ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif

login:
  driver = plaintext
  public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  # Return empty string if not non-TLS AND looking up $host in passwd-file
  # yields a non-empty string; fail otherwise.
  client_send = "<; ${if and{\
                          {!eq{$tls_cipher}{}}\
                          {!eq{PASSWDLINE}{}}\
                         }\
                      {}fail}\
                 ; ${extract{1}{::}{PASSWDLINE}}\
                 ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.else
  # Return empty string if looking up $host in passwd-file yields a
  # non-empty string; fail otherwise.
  client_send = "<; ${if !eq{PASSWDLINE}{}\
                      {}fail}\
                 ; ${extract{1}{::}{PASSWDLINE}}\
                 ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif

> What sort of failure are you experiencing - does
> the server not offer the authentication, or does the server reject the
> client's credentials?

The server doesn't listen on SSL at all, and anything on 25 is rejected.

> What do the logs show?

2007-10-31 14:57:08 H=mail.piercecorporation.com ([192.168.2.3]) [66.224.227.170] F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: relay not permitted
2007-10-31 14:57:12 unexpected disconnection while reading SMTP command from mail.piercecorporation.com ([192.168.2.3]) [66.224.227.170]

> Have you tried running with
> debugging enabled (exim -d)? What does the debug output look like?
>

No; I guess that's next.

--Yan
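
The authenticators quoted in the message set only client_send, which Exim uses when it logs in to another server as a client; accepting AUTH from relaying clients needs server-side options. The following server-side configuration for the three requirements, checked against a local password file, is added here as an example and is not taken from the thread. The AUTH_PASSWD macro and its path, the authenticator names, an existing +local_domains domain list and an Exim built with crypteq support are assumptions.

```exim
# Added example, not from the thread. AUTH_PASSWD and its path are assumed;
# each line of the file is "user:crypted-password" (a crypt(3) hash), and the
# file should be readable only by the Exim user.
AUTH_PASSWD = /etc/exim4/passwd.server

# --- main section ---
tls_advertise_hosts = *
acl_smtp_rcpt = acl_check_rcpt

# --- after "begin acl" ---
acl_check_rcpt:
  # 1. Anyone may deliver to local domains, authenticated or not.
  #    (+local_domains is assumed to be defined already.)
  accept  domains       = +local_domains

  # 2. Relaying requires both an encrypted session and a successful AUTH.
  accept  encrypted     = *
          authenticated = *

  # 3. Everything else, including unencrypted relay attempts, is refused.
  deny    message       = relay not permitted

# --- after "begin authenticators" ---
plain_server:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  # $auth2 is the login name, $auth3 the password. Unknown users resolve to
  # "*", which no crypt hash can equal, so the comparison fails.
  server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{AUTH_PASSWD}{$value}{*:*}}}}}{1}{0}}"
  server_set_id = $auth2
  # Offer AUTH only once TLS is up, so passwords never cross in clear.
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}

login_server:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  # For LOGIN the name arrives in $auth1 and the password in $auth2.
  server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{AUTH_PASSWD}{$value}{*:*}}}}}{1}{0}}"
  server_set_id = $auth1
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
```

With server_advertise_condition in place, a client that has not negotiated TLS is never offered PLAIN or LOGIN, and the ACL's encrypted condition independently keeps an unencrypted session from relaying.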