Well, it got me further along. Now I'm wondering if what I want to do is
possible.
The acl I'm trying to troubleshoot is later on in the list:
deny message = Unauthorized use of SMTPA by $authenticated_id -
contact IT Services for assistance
authenticated = *
condition = ${lookup
{$authenticated_id}lsearch{/etc/exim/allowed_accounts}{no}{yes} }
log_message = auth_rejection not_allowed $authenticated_id
I don't know why, but that never fires, even though I get beaucoup failed
authentications which I'd think it should catch. I've been trying to get to
it with exim -bh, but now I'm wondering: Is there any way to get past
STARTTLS? There's no -oMx option for passing a certificate, so how would I
proceed from here in the SMTP dialogue?
STARTTLS
>>> host in tls_resumption_hosts? no (option unset)
>>> host in tls_verify_hosts? no (option unset)
>>> host in tls_try_verify_hosts? no (option unset)
220 TLS go ahead
Nothing I try there gets me past, and I'm thinking now, given what I can
tell exim, maybe I shouldn't be able to get past it. Is that correct?
On Tue, Feb 25, 2025 at 10:48 AM Johnnie W Adams <[email protected]> wrote:
> Thanks! That's got me on the right path now.
>
> On Tue, Feb 25, 2025 at 10:43 AM Evgeniy Berdnikov via Exim-users <
> [email protected]> wrote:
>
>> On Tue, Feb 25, 2025 at 10:03:45AM -0600, Johnnie W Adams via Exim-users
>> wrote:
>> > I'm troubleshooting an acl and having an issue using exim -bh.
>> Here's
>> > the command line:
>> >
>> > exim -d+acl -bh 100.10.10.10.587 -oMai [email protected]
>> ...
>> > It appears to me this is failing because exim believes the
>> submission
>> > is on port 25, even though I've specified port 587 on the command line.
>>
>> Argument for -bh contains the source (remote) address, and optionally
>> source port of client's side of SMTP connection. Not a destination
>> (local)
>> part of connection, that is server's side. Use -oMi to set local port.
>> --
>> Eugene Berdnikov
>>
>> --
>> ## subscription configuration (requires account):
>> ##
>> https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
>> ## unsubscribe (doesn't require an account):
>> ## [email protected]
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
>
>
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## [email protected]
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
