There is no error since I am using dovecot authenticator. I already
checked the config in the case, everything works as it should.
The plaintext authenticator really needs to use $auth2 as the username.
For other authenticators, from the Exim documentation:
"For the other authenticators, server_condition can be used as an
additional authentication or authorization mechanism that is applied
after the other authenticator conditions succeed."
31.03.2023 22:28, Evgeniy Berdnikov via Exim-users write:
On Fri, Mar 31, 2023 at 04:19:05PM +0300, Dzmitry Shykuts via Exim-users wrote:
I found where the problem was!
It turns out that the Thunderbird mail client uses two types of
authentication with an unencrypted password at the same time: PLAIN and
LOGIN. First it tries PLAIN (and my condition just worked correctly and
there was a standard entry about "Incorrect authentication data" in the
log), and then, since PLAIN failed, Thunderbird used LOGIN (I did not add a
condition) and the mail was successfully sent. Yesterday I did not pay
attention to the authenticator of the second (successful) authentication
attempt in the log, where instead of PLAIN there was already LOGIN.
This is one of at least two bugs in your configuration. I think your PLAIN
authenticator should always fail, because you use $auth1 as name and $auth2
as password, while $auth1 should always be null string for PLAIN.
For PLAIN, $auth2 is username and $auth3 is password (in difference with
parameters of CRAM-MD5 and LOGIN). Look into ch.34 for details.
Running Exim with -d+auth+expand option would make it visible.
Here is the resulting auth config (suddenly it will come in handy for
someone):
dovecot_cram_md5:
driver = dovecot
public_name = CRAM-MD5
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
server_advertise_condition = AUTH_ADVERTISE_CONDITION
server_condition = ${if
or{{match_ip{$sender_host_address}{LAN}}{and{{exists{AUTH_EXCEPTIONS}}{eq{${lookup{$auth1}nwildlsearch{AUTH_EXCEPTIONS}{yes}{no}}}{yes}}}}}}
dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
server_advertise_condition = AUTH_ADVERTISE_CONDITION
server_condition = ${if
or{{match_ip{$sender_host_address}{LAN}}{and{{exists{AUTH_EXCEPTIONS}}{eq{${lookup{$auth1}nwildlsearch{AUTH_EXCEPTIONS}{yes}{no}}}{yes}}}}}}
dovecot_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
server_advertise_condition = AUTH_ADVERTISE_CONDITION
server_condition = ${if
or{{match_ip{$sender_host_address}{LAN}}{and{{exists{AUTH_EXCEPTIONS}}{eq{${lookup{$auth1}nwildlsearch{AUTH_EXCEPTIONS}{yes}{no}}}{yes}}}}}}
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
