Dave Evans wrote:
> On Wed, Oct 31, 2007 at 03:26:13PM -0700, Yan Seiner wrote:
>   
>> 1.  Clients connecting on 25 unauthenticated can send email only to the 
>> local domains.
>>
>> 2.  Clients requesting relaying must connect encrypted and authenticate.
>>
>> 3.  Clients requesting relaying unencrypted are rejected.
>>     
>
> Pretty standard...
>
>   
>> I have TLS working so encryption is there but I can't get the 
>> authentication to go.
>>     
>
> So it sounds like once you've got the authentication working, your relaying
> will be fine too.
>
> However, I think we could do with some more information...
>
> What sort of authentication do you want?  
I've been authenticating against PAM, but from what I gather that's not 
a good idea.  So a local exim passwd file would be fine.  (I only have a 
few users who would request relaying.)

> What does your "authentication"
> config section look like? 

# this returns the matching line from passwd.client and doubles all ^
PASSWDLINE=${sg{\
                ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
                }\
                {\\N[\\^]\\N}\
                {^^}\
            }

plain:
  driver = plaintext
  public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "<; ${if !eq{$tls_cipher}{}\
                    {^${extract{1}{:}{PASSWDLINE}}\
                     ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
                   }fail}"
.else
  client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
                    ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif

login:
  driver = plaintext
  public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  # Return empty string if not non-TLS AND looking up $host in passwd-file
  # yields a non-empty string; fail otherwise.
  client_send = "<; ${if and{\
                          {!eq{$tls_cipher}{}}\
                          {!eq{PASSWDLINE}{}}\
                         }\
                      {}fail}\
                 ; ${extract{1}{::}{PASSWDLINE}}\
                 ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.else
  # Return empty string if looking up $host in passwd-file yields a
  # non-empty string; fail otherwise.
  client_send = "<; ${if !eq{PASSWDLINE}{}\
                      {}fail}\
                 ; ${extract{1}{::}{PASSWDLINE}}\
                 ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif


>  What sort of failure are you experiencing - does
> the server not offer the authentication, or does the server reject the
> client's credentials?  
The server doesn't listen on SSL at all, and anything on 25 is rejected.


> What do the logs show?  
2007-10-31 14:57:08 H=mail.piercecorporation.com ([192.168.2.3]) [66.224.227.170] F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: relay not permitted
2007-10-31 14:57:12 unexpected disconnection while reading SMTP command from mail.piercecorporation.com ([192.168.2.3]) [66.224.227.170]


> Have you tried running with
> debugging enabled (exim -d)?  What does the debug output look like?
>   
No; I guess that's next.

--Yan


-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
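
Added example, not part of the original message and not the Exim project's own configuration: the authenticators quoted above set only client_send, which Exim uses when it logs in to another server as a client, so this sketch shows the server-side options that the three numbered requirements at the top of the message call for. The file CONFDIR/passwd (lines of the form user:crypted-password), the +local_domains list and the names acl_check_rcpt, plain_server and login_server are assumptions.

```exim
# --- main section ---------------------------------------------------
acl_smtp_rcpt = acl_check_rcpt        # assumed ACL name

# --- ACL section ----------------------------------------------------
begin acl

acl_check_rcpt:
  # Requirement 1: unauthenticated clients may reach local domains only.
  # +local_domains is assumed to be defined with "domainlist".
  accept  domains       = +local_domains

  # Requirement 2: relaying needs an encrypted session AND a
  # successful AUTH; both conditions must hold for the accept.
  accept  encrypted     = *
          authenticated = *

  # Requirement 3: anything else asking to relay is refused.
  deny    message       = relay not permitted

# --- authenticators section -----------------------------------------
begin authenticators

# AUTH is advertised only once TLS is up, so a password can never be
# offered in clear. $tls_cipher is the variable used in the quoted
# config; Exim 4.80 and later call it $tls_in_cipher.
plain_server:
  driver                     = plaintext
  public_name                = PLAIN
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  server_prompts             = :
  # PLAIN sends authzid^user^password, so user is $auth2 and the
  # password $auth3. Unknown users fall back to "*:*", which never
  # matches a crypt() hash. Needs Exim built with crypteq support.
  server_condition = ${if crypteq{$auth3}{${extract{1}{:}{\
        ${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}
  server_set_id              = $auth2

login_server:
  driver                     = plaintext
  public_name                = LOGIN
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  server_prompts             = "Username:: : Password::"
  # LOGIN prompts separately: user is $auth1, password is $auth2.
  server_condition = ${if crypteq{$auth2}{${extract{1}{:}{\
        ${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}
  server_set_id              = $auth1
```

With this layout, "relay not permitted" in the main log for a relaying client means the session reached RCPT without both TLS and a successful AUTH, which is the first thing to confirm in the exim -d output.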
