Re: authentication of multiple users for one mail server
On Thu, 09 Sep 2010 16:36:33 -0400, brownh wrote:

> Camaleón writes:
>
>> On Wed, 08 Sep 2010 16:52:23 -0400, brownh wrote:
>>
>> (...)
>>
>>> When it comes to digging into exim4's configuration files, it all goes over my head. But I gather from googling that exim4's default is to route to only local mailboxes or domains. If that were so, I'd get nothing out. In any case, I was unable to locate the variable and value DCconfig_internet=1 in all the exim4 configuration files.
>>
>> I would take a look into Exim4 manual:
>>
>> 2.1. The Configuration System
>> http://pkg-exim4.alioth.debian.org/README/README.Debian.html#id280581
>>
>> And also man update-exim4.conf, more precisely to dc_eximconfig_configtype variable.
>
> Thanks, Camaleón, but no luck. I carefully reread the Debian debconf questions, and yet questions remain.

I was referring you to the doc on how to setup Exim4 to send e-mails to external hosts. Can't you still send messages to external hosts? :-?

> In the dpkg-reconfigure section one question asks whether to hide local mail names. What shows up by default is my _local_ domain name. I gather this hiding refers to what appears in the message envelope, and so my intuition is that I would not want the local domain name there. I changed the default to just the domain name. For example, my current machine is teufel.historicalMaterialism.info, and I changed this to historicalMaterialism.info. Was this a mistake?

I think the meaning of that field is explained in the above doc:

2.1.1.8. Hide local mail name in outgoing mail
http://pkg-exim4.alioth.debian.org/README/README.Debian.html

If you do not want to get the default machine name address, you can change it with this variable.

> Likewise, in an earlier question, I provide the system mail name. This is the domain name used to construct addresses. However, here again the default entry was my _local_ domain name, but since I don't want to have my addresses show the local domain name, I changed the default local domain name to domain name. Again, I hope I did the right thing.
>
> On the page for the IP addresses for which exim4 should listen, there has traditionally appeared 127.0.0.1. With squeeze, however, it shows up as 127.0.0.1 ; ::1 without explanation. What is this added ::1 IP address? Or is it garbage that I should cut out?

That is the loopback address in ipv6 notation. I would leave the defaults unless you know what you are doing :-)

> I don't know if any of this has any relation to the SMTP authentication issue. I understand that it is best to rely on TLS authentication, which I'll try in the future, but this issue has already interfered too much with important work, so I must put off the big challenge of TLS for the next time and cross my fingers in the meantime.

(...)

One suggestion. E-mail servers can be complex. I'd configure first the basics of Exim's mailing system (sending and receiving from local and remote, users...) and then go on with adding extra security (TLS, SSL).

First time I had to setup an e-mail server (Postfix) before starting editing the config files, I wrote down in a paper the whole mailing routing and setup based on my expectations (what I wanted to get and how I wanted things to get done).

Then, I read a lot of documentation about the mail server I was to configure to get an idea of how the service works. The basis of all mail servers are almost the same, but the tips and tricks to configure them vary a lot. I mean a lot :-)

The last thing I did was to run a simple setup (just one user, to send and receive e-mails) to get a start point. After that, I fine-grained the setup by adding smtp-auth, tls, imap, etc...

Greetings,

--
Camaleón

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/pan.2010.09.10.07.02...@gmail.com
Re: authentication of multiple users for one mail server
Camaleon,

Thanks for your patience, and I seem to have stumbled on my problem: exim4 configuration.

Regarding the value for system mail name, in retrospect it does make sense, but not when I was reading the document you cited. First, if I can reconstruct my thinking correctly, I failed to associate the word mailname, which was not explicitly defined, with domain. If I asked someone on the street what their mailname is, they would give me their email address. I knew that it actually meant domain, but I had to figure out from its function that it was not really the system name (i.e., the domain of a host on a LAN), but the alternative meaning of domain, which unfortunately has no dedicated term such as internet domain. I may be dense and my reading perverse, but it's folks like me that manuals are for ;-)

In any case, the source of my problem was my adding my domain name to the list of recipient domains. Again, in retrospect, I understand why this caused exim4 to fail to route a message to another machine that happened to have the same domain name before the LAN was set up. Exim4 naturally looks for the users of that domain name on its own host or local network and, not finding the user, does not by default ultimately send the message to my provider's mail server. Instead, it simply gives up and returns a routing error message. I guess the assumption is that if a person assigns a local domain name to the host, they intend to make it part of a LAN, and so instinctively know that until such a LAN is actually in place, the local host is not able to send a message to another host having the same domain name. My problem was that I tried to set up and test email before constructing the LAN.

Haines

Archive: http://lists.debian.org/87tylxbw6f@teufel.historicalmaterialism.info
Re: authentication of multiple users for one mail server
On Fri, 10 Sep 2010 08:49:28 -0400, brownh wrote:

> Camaleon,
>
> Thanks for your patience, and I seem to have stumbled on my problem: exim4 configuration.
>
> Regarding the value for system mail name, in retrospect it does make sense, but not when I was reading the document you cited. First, if I can reconstruct my thinking correctly, I failed to associate the word mailname, which was not explicitly defined, with domain. If I asked someone on the street what their mailname is, they would give me their email address. I knew that it actually meant domain, but I had to figure out from its function that it was not really the system name (i.e., the domain of a host on a LAN), but the alternative meaning of domain, which unfortunately has no dedicated term such as internet domain. I may be dense and my reading perverse, but it's folks like me that manuals are for ;-)

:-)

system mail name is indeed a key value for a correct setup of any mail system. I don't know how is Exim in this respect, but at least in Postfix (another e-mail server) the name of the host is a critical part for a correct routing of the messages as well as for applying security features. Many other variable values depend on this one to get the system working.

The value of this variable may depend on the nature of your e-mail server. If you are using it just for your lan you can put here the name of the computer where Exim is running (I think this is the default, plus the dot extension: .site) but if you are running a virtual hosting, this value is usually changed to something more neutral, like smtp.hosting-c.com or just hosting-c.com or any other real, accessible and routeable domain name.

> In any case, the source of my problem was my adding my domain name to the list of recipient domains. Again, in retrospect, I understand why this caused exim4 to fail to route a message to another machine that happened to have the same domain name before the LAN was set up. Exim4 naturally looks for the users of that domain name on its own host or local network and, not finding the user, does not by default ultimately send the message to my provider's mail server. Instead, it simply gives up and returns a routing error message. I guess the assumption is that if a person assigns a local domain name to the host, they intend to make it part of a LAN, and so instinctively know that until such a LAN is actually in place, the local host is not able to send a message to another host having the same domain name. My problem was that I tried to set up and test email before constructing the LAN.

When something goes wrong, reading mail server logs tends to be very constructive and gives you a high chance to solve the issue in minutes :-)

One of the first tests to try when setting up an e-mail server is to run a telnet session on the local machine (the one running Exim), just with "telnet localhost 25". If that succeeds, then try the same from another computer in the lan, changing the localhost for the IP address of the server "telnet 192.168.0.1 25" and check if you get a response from Exim. Then, you can try with the domain name, the one you used for system mail name and see if you get a response.

Should you get no connection or e-mails are not reaching their recipients, you have to stop here and read the logs to find out what can be the cause of this.

Greetings,

--
Camaleón

Archive: http://lists.debian.org/pan.2010.09.10.14.06...@gmail.com
Re: authentication of multiple users for one mail server
On Wed, 08 Sep 2010 16:52:23 -0400, brownh wrote:

(...)

> When it comes to digging into exim4's configuration files, it all goes over my head. But I gather from googling that exim4's default is to route to only local mailboxes or domains. If that were so, I'd get nothing out. In any case, I was unable to locate the variable and value DCconfig_internet=1 in all the exim4 configuration files.

I would take a look into Exim4 manual:

2.1. The Configuration System
http://pkg-exim4.alioth.debian.org/README/README.Debian.html#id280581

And also man update-exim4.conf, more precisely to dc_eximconfig_configtype variable.

Greetings,

--
Camaleón

Archive: http://lists.debian.org/pan.2010.09.09.06.35...@gmail.com
Re: authentication of multiple users for one mail server
Camaleón noela...@gmail.com writes:

> On Wed, 08 Sep 2010 16:52:23 -0400, brownh wrote:
>
> (...)
>
>> When it comes to digging into exim4's configuration files, it all goes over my head. But I gather from googling that exim4's default is to route to only local mailboxes or domains. If that were so, I'd get nothing out. In any case, I was unable to locate the variable and value DCconfig_internet=1 in all the exim4 configuration files.
>
> I would take a look into Exim4 manual:
>
> 2.1. The Configuration System
> http://pkg-exim4.alioth.debian.org/README/README.Debian.html#id280581
>
> And also man update-exim4.conf, more precisely to dc_eximconfig_configtype variable.
>
> Greetings,
>
> --
> Camaleón

Thanks, Camaleón, but no luck. I carefully reread the Debian debconf questions, and yet questions remain.

In the dpkg-reconfigure section one question asks whether to hide local mail names. What shows up by default is my _local_ domain name. I gather this hiding refers to what appears in the message envelope, and so my intuition is that I would not want the local domain name there. I changed the default to just the domain name. For example, my current machine is teufel.historicalMaterialism.info, and I changed this to historicalMaterialism.info. Was this a mistake?

Likewise, in an earlier question, I provide the system mail name. This is the domain name used to construct addresses. However, here again the default entry was my _local_ domain name, but since I don't want to have my addresses show the local domain name, I changed the default local domain name to domain name. Again, I hope I did the right thing.

On the page for the IP addresses for which exim4 should listen, there has traditionally appeared 127.0.0.1. With squeeze, however, it shows up as 127.0.0.1 ; ::1 without explanation. What is this added ::1 IP address? Or is it garbage that I should cut out?

I don't know if any of this has any relation to the SMTP authentication issue. I understand that it is best to rely on TLS authentication, which I'll try in the future, but this issue has already interfered too much with important work, so I must put off the big challenge of TLS for the next time and cross my fingers in the meantime.

By default, exim4 employs TLS authentication, and so disables AUTH PLAIN and AUTH LOGIN. But it does not say what these entities are. Variables given values somewhere? Apparently not. So what are they? I can only guess the first has to do with plain text authentication with the SMTP mailserver, but what is the second? My fetchmail must log into the mail server, but apparently not exim4.

Now, from a reading of the documentation, it appears that for any host that is authenticated in plain text, I need to add the authenticating information into /etc/exim4/passwd.client. That much is clear, but then it says, "If you need to enable AUTH PLAIN or AUTH LOGIN". Do I need to do so simply because I'm using plain text authentication? Do I need to do one or the other but not both? Since these entities were not defined, I don't know if I need to do it, and further, I'm not told what to do and where to do it.

Someone suggested I needed to change value of DCconfig, and you suggested to change the value of dc_eximconfig_configtype, but neither variable, if that's what they are, appear in the configuration files for me to change. So I spent some time googling, and apparently the proper variable is AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS. I had to google yet more to find that the value for this variable should be defined as = true. But further googling provided only a hint that it should be placed at the top of the /etc/exim4/conf.d/main/03_exim4-config_tlsoptions file.

So I tried it, and it didn't work. A message from my new installation of squeeze on one machine (us...@historicalmaterialism.info) cannot be sent to the provider mail server and delivered from there to another machine which has the us...@historicalmaterialism.info address. Exim4 simply complains I can't route the outgoing message. At this point, I can only communicate from the first machine to the second by sending messages to it to a couple other domain names that the second machine happens to listen to.

Haines

Archive: http://lists.debian.org/8739tid57y@teufel.historicalmaterialism.info
Re: authentication of multiple users for one mail server
Sorry to follow up on my own message, but did some more thinking about the problem.

I'm asking Exim4 to send a message to another user having the same domain name. So does this mean exim searches for that user locally rather than ship the message off to my provider's mail server?

In my previous message, I went through exim configuration, where at certain points I changed the local domain to the domain. Was this a mistake in one or two cases? A local domain in one or two configuration questions might tell exim that the message is not for a user on its own machine or network, and so it would be routed to my provider's mail server?

Just a thought.

Haines Brown

Archive: http://lists.debian.org/87y6babpbz@teufel.historicalmaterialism.info
Re: authentication of multiple users for one mail server
Celejar, sorry, I thought I was asking just a generic question.

Yes, I'm running exim4 under debian squeeze, with SMTP authentication required, and I do have an entry in my /etc/exim4/passwd.client file, and my problem probably has to do with the syntax of the entries. For years I've used a wild card for the mail server, entered my UID for the mail server, which is my email address, and finally the password for this account:

  *:bro...@historicalmaterialism.info:password

Now I have a second box with a different user account name (which I'll call user1 here), which wants to be authenticated by this same mail server. On this second box, exim4 creates the From: line by attaching the user account name (user1) to the domain name: us...@historicalmaterialism.info. The aim is to have this sender address authenticated. I try various things in passwd.client:

Outgoing mail accesses my mail server account with a UID which is my email address (br...@historicalmaterialism.info) and a password (password). So, for user1 on the new machine to use this email account, I put in the line:

  *:bro...@historicalmaterialism.info:password

This does not work because the From: line of the outgoing message is us...@historicalmaterialism.info, and so the server wants to see if this user1 is legit. So I add this line:

  *:us...@historicalmaterialism.info:password

But this is not the UID of the account name, and so does not work. In desperation I also tried a wild card to cover all users:

  *:*...@historicalmaterialism.info:password

In any case, when user1 attempts to send a message, it immediately bounces with this error message:

  recipi...@address.com
  SMTP error from remote mail server after RCPT TO: recpi...@address.com:
  host mail.historicalMaterialism.info [216,239...]: 553.5.7.1
  us...@historicalmaterialism.info: Sender address rejected: not onwed by
  user bro...@historicalmaterialism.info

I took this to mean that the error message comes from my ISP's mail server even though it seems instantaneous. mail.historical.materialism is the mail account on that server. I assume that the account on the mail server with UID bro...@historicalmaterialism.info could not authenticate mail from us...@historicalmaterialism.info.

Haines

Archive: http://lists.debian.org/87y6bc77ui@teufel.historicalmaterialism.info
Re: authentication of multiple users for one mail server
On Wed, 08 Sep 2010 08:11:49 -0400 brownh bro...@historicalmaterialism.info wrote:

> Celejar, sorry, I thought I was asking just a generic question.
>
> Yes, I'm running exim4 under debian squeeze, with SMTP authentication required, and I do have an entry in my /etc/exim4/passwd.client file, and my problem probably has to do with the syntax of the entries. For years I've used a wild card for the mail server, entered my UID for the mail server, which is my email address, and finally the password for this account:
>
>   *:bro...@historicalmaterialism.info:password

I assume you're saying that 'brownh' is both the username on your machine, as well as the username of the account with the mail provider.

> Now I have a second box with a different user account name (which I'll call user1 here), which wants to be authenticated by this same mail server. On this second box, exim4 creates the From: line by attaching the user account name (user1) to the domain name: us...@historicalmaterialism.info. The aim is to have this sender address authenticated. I try various things in passwd.client:
>
> Outgoing mail accesses my mail server account with a UID which is my email address (br...@historicalmaterialism.info) and a password (password). So, for user1 on the new machine to use this email account, I put in the line:
>
>   *:bro...@historicalmaterialism.info:password
>
> This does not work because the From: line of the outgoing message is us...@historicalmaterialism.info, and so the server wants to see if this user1 is legit. So I add this line:
>
>   *:us...@historicalmaterialism.info:password
>
> But this is not the UID of the account name, and so does not work. In desperation I also tried a wild card to cover all users:
>
>   *:*...@historicalmaterialism.info:password
>
> In any case, when user1 attempts to send a message, it immediately bounces with this error message:
>
>   recipi...@address.com
>   SMTP error from remote mail server after RCPT TO: recpi...@address.com:
>   host mail.historicalMaterialism.info [216,239...]: 553.5.7.1
>   us...@historicalmaterialism.info: Sender address rejected: not onwed by
>   user bro...@historicalmaterialism.info

It seems that what you want to do is have exim always use 'brownh' as the sender. I'm not that much of an exim expert, but this might help:

http://docs.exim.org/4.10/FAQ_8.html

> I took this to mean that the error message comes from my ISP's mail server even though it seems instantaneous. mail.historical.materialism is the mail account on that server. I assume that the account on the mail server with UID bro...@historicalmaterialism.info could not authenticate mail from us...@historicalmaterialism.info.

Yes, it seems that the mail server is insisting that you use your own email address. Many providers will just silently rewrite the From: lines to your address (I believe that Gmail, for example, does / did this), but apparently in your case, it's just rejecting mail without a proper From.

Note that there are two completely different 'From's that can be causing the problem: the Envelope sender address, and the mail From: header. You can try experimenting to see which one(s) are important to your provider, or you can just have exim rewrite both.

Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

Archive: http://lists.debian.org/20100908115607.fdd4c20a.cele...@gmail.com
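
Added example (not part of the thread, and not exim4 or provider code): a simplified Python model of the two checks discussed in the exchange above, the client-side passwd.client lookup keyed by smarthost name and a provider-side rule that ties the sender address to the authenticated login. The example.org addresses, the passwords and the ownership table are constructed, fnmatch stands in for exim's own pattern lookup, and checking the From: header is modelled as an optional provider choice.

```python
"""Added example: why one smarthost login cannot vouch for a second sender."""
from dataclasses import dataclass
from email.message import EmailMessage
from fnmatch import fnmatch

# Constructed sample file; example.org stands in for the poster's domain.
PASSWD_CLIENT = """\
# target.mail.server.example:login:password
mail.example.org:brownh@example.org:s3cret
*:fallback@example.org:other
"""

# Assumed provider-side table: which sender addresses each login owns.
SENDER_LOGIN_MAP = {"brownh@example.org": {"brownh@example.org"}}


def smarthost_credentials(text, host):
    """Return (login, password) of the first entry whose host pattern matches.

    The key is the smarthost name, never the local user, and the login
    field is a literal string, so a wildcard there matches nothing useful.
    """
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, login, password = line.split(":", 2)
        if fnmatch(host.lower(), pattern.lower()):
            return login, password
    return None


@dataclass
class Submission:
    sasl_login: str         # identity proven by SMTP AUTH
    envelope_sender: str    # address given in MAIL FROM
    message: EmailMessage   # carries the From: header


def provider_check(sub, owners=SENDER_LOGIN_MAP, check_header=False):
    """Model of a sender-ownership rule; returns an SMTP-style reply line."""
    owned = owners.get(sub.sasl_login, set())
    candidates = [sub.envelope_sender]
    if check_header:
        candidates.append(str(sub.message["From"]))
    for addr in candidates:
        if addr.lower() not in owned:
            return (f"553 5.7.1 <{addr}>: Sender address rejected: "
                    f"not owned by user {sub.sasl_login}")
    return "250 2.1.0 Ok"


def build(from_header, envelope_sender, host="mail.example.org"):
    """Build a submission the way a smarthost client would authenticate it."""
    login, _password = smarthost_credentials(PASSWD_CLIENT, host)
    msg = EmailMessage()
    msg["From"] = from_header
    msg["To"] = "recipient@example.net"
    msg.set_content("test")
    return Submission(login, envelope_sender, msg)


if __name__ == "__main__":
    # user1 sends as itself while exim authenticates as brownh: rejected.
    print(provider_check(build("user1@example.org", "user1@example.org")))
    # Envelope sender rewritten to the login's own address: accepted.
    print(provider_check(build("user1@example.org", "brownh@example.org")))
```

Passing check_header=True shows the second case Celejar mentions, where rewriting only the envelope sender is not enough because the provider also inspects the From: header.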
Re: authentication of multiple users for one mail server
I've made some progress simply by defining a set of users+domains on my host mail server. Broadly, now I've got three machines all speaking with each other. However, while the machine running squeeze I'm trying to setup can communicate through an alias on another server and to various addresses, it can't send mail to my current machine to its primary address: exim's error is that it is unroutable.

However, I would assume that for an administrator handling dozens or hundreds of accounts which need access to a mail server, the administrator does not create all these accounts in the mail server nor fill up exim4 configuration files with all the information. It seems more likely there would be a simple alias list to grant user account access to the mail server.

As for my present situation, from within the account named haines on the new machine, I can send mail to old machine, bro...@historicalmaterialism through a forwarding service on another server and I can send mail to my current machine using an alternative domain name for it, but can't send a message directly to bro...@historicalmaterialism.info.

When it comes to digging into exim4's configuration files, it all goes over my head. But I gather from googling that exim4's default is to route to only local mailboxes or domains. If that were so, I'd get nothing out. In any case, I was unable to locate the variable and value DCconfig_internet=1 in all the exim4 configuration files.

Haines

Archive: http://lists.debian.org/877hiwc60o@teufel.historicalmaterialism.info
Re: authentication of multiple users for one mail server
brownh put forth on 9/8/2010 3:52 PM:

> I've made some progress simply by defining a set of users+domains on my host mail server. Broadly, now I've got three machines all speaking with each other. However, while the machine running squeeze I'm trying to setup can communicate through an alias on another server and to various addresses, it can't send mail to my current machine to its primary address: exim's error is that it is unroutable.

This architecture of SMTP end-to-end mail routing/delivery died about 15 years ago along with pure UNIX networks. As you are discovering, configuring this architecture is a nightmare, and is the exact reason POP and IMAP were created, and mail user agents modified to take advantage of POP and IMAP servers.

Designate one of your machines as your MX host, install a POPer or IMAP server, and configure user MUAs accordingly. This is the modern way of delivering email to users, and it's really the only sane way to do it, from an SA's POV.

Look into Dovecot.

--
Stan

Archive: http://lists.debian.org/4c881e70.3040...@hardwarefreak.com
authentication of multiple users for one mail server
I've never encountered this problem before because I've always used the same user name, but now I'm setting up a machine with different user accounts and I need to have all these users' outgoing mail authenticated by the mail server.

I run exim4, but not procmail. Although the error message says it is from the remote mail server, it shows up instantly, and I suspect the error is generated locally. I've struggled with the Exim book, but it goes over my head. I tried listing users in /etc/exim4/passwd.client, but that was a bad guess.

Haines Brown

Archive: http://lists.debian.org/8762yg9a80@teufel.historicalmaterialism.info
Re: authentication of multiple users for one mail server
On Tue, 07 Sep 2010 23:37:35 -0400 brownh bro...@historicalmaterialism.info wrote:

> I've never encountered this problem before because I've always used the same user name, but now I'm setting up a machine with different user accounts and I need to have all these users' outgoing mail authenticated by the mail server.
>
> I run exim4, but not procmail. Although the error message says it is from the remote mail server, it shows up instantly, and I suspect the error is generated locally. I've struggled with the Exim book, but it goes over my head. I tried listing users in /etc/exim4/passwd.client, but that was a bad guess.

More information is necessary. Where do you see this error message? What, exactly, does it say? If exim is configured to relay to a smarthost, then only exim needs to be configured with the smarthost's credentials (in passwd.client), and only one set of them is required.

Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

Archive: http://lists.debian.org/20100908001135.696ca2cd.cele...@gmail.com