exim SMTP Authentication

Discussion:

l***@intergate.com

2005-05-24 20:42:10 UTC

I recently changed ISP's and for the first time, in 12 years, have
more then one email addresses. Thats nice but it seems that the
ISP's smtp server requires an Authentication from exim and I am
having a problem setting it up.

The last try was from the "Debian Reference", chapter 9 which
doesn't seem to work with exim 3.36-16. I have tried

plain:
driver = plaintext
public_name = PLAIN
client_send = "^name^passwd"

from the Reference and

fixed_cram:
driver = cram_md5
public_name = CRAM-MD5
client_name = name
client_secret = passwd

from the spec.txt.

Exim can't find the drivers which leads me to believe that the exim
package wasn't built with AUTH capabilities. If that is so, does
anyone use exim with smtp auth or exim4 with SMTP auth and is is
built into that package?

Hope this mail gets through as the smtp server is bounceing most
mail lately.

Thanks in advance

Wayne

----------------------------------------------------------------

Adam Majer

2005-05-25 01:36:55 UTC

Permalink

Post by l***@intergate.com
Exim can't find the drivers which leads me to believe that the exim
package wasn't built with AUTH capabilities. If that is so, does
anyone use exim with smtp auth or exim4 with SMTP auth and is is
built into that package?

There are two exim packages,

exim4-daemon-heavy - exim MTA (v4) daemon with extended features,
including exiscan-acl

exim4 daemon with extended features. In addition to the features
already supported by exim4-daemon-light, the extended features include
LDAP, PostgreSQL and MySQL data lookups, SASL and SPA SMTP authentication,
embedded Perl interpreter, and exiscan-acl for integration of
virus-scanners and spamassassin.

exim4-daemon-light - lightweight exim MTA (v4) daemon

exim4 daemon with only basic features (including support for TLS
encryption and the dlopen patch to allow dynamic loading of a
local_scan function) enabled. It works well with the standard setups
that are provided by Debian.

If the light version doesn't have the necessary drivers, you should try
the heavy version. I'm right now using the heavy version so that I can
use the cyrus authentification facilities.

- Adam

Wayne Topa

2005-05-26 18:05:27 UTC

Permalink

Adam

Thanks for the tip. I have exim4, with exim4-daemon-light, installed and am
still fighting to get AUTH working. Here is what I have found.

Telnet smtp.intergate.com 25
EHLO intergate.com
250-corpweb.trip.net Hello host-69-95-14-38.roc.choiceone.net [69.95.14.38],
ple
ased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 40000000
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP

seems to indicate cram-md5 'should' work but here is what I get when I try to
send from this address:
cram_md5 authenticator failed H=smtp.intergate.com [216.139.64.8] 535 5.7.0
authentication failed
if I comment the cram_md5 authenticator out, leaving only the plain and login
authenticators I get (trying to get on the exim4 mail list)
pkg-exim4-users-***@lists.alioth.debian.org R=smarthost
T=remote_smtp_smarthost: SMTP error from remote mailer after
RCPT TO:<pkg-exim4-users-***@lists.alioth.debian.org>: host
smtp.intergate.com [216.139.64.8]: 550 5.7.1
<pkg-exim4-users-***@lists.alioth.debian.org>.
.. Relaying denied. Proper authentication required.

Going through the exim4 HOWTO I see that they say I need to add
A0723: You need to have this setting in your PLAIN authenticator:

server_prompts = :
I did add that but it didn't seem to change anything. :-(

Would you know if I have to define something for the following line
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS

From the servers reply it seems they don't run TLS so everything has to go
plaintext. I can't find anything in the, rather obtuse, exim4 docs about
this,

IF(?) my request to join the exim4 mail list got through, I'll hopefully ask
these questions there.

I am forced to use Kmail now so hope this gets to the list. All my other
mails have not been showing up due to this AUTH problem.

Thanks for your help.

Wayne

David Jardine

2005-05-26 21:05:19 UTC

Permalink

Post by Wayne Topa
Adam
Thanks for the tip. I have exim4, with exim4-daemon-light, installed and am
still fighting to get AUTH working. Here is what I have found.
Telnet smtp.intergate.com 25
EHLO intergate.com
250-corpweb.trip.net Hello host-69-95-14-38.roc.choiceone.net [69.95.14.38],
ple
ased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 40000000
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
seems to indicate cram-md5 'should' work but here is what I get when I try to
cram_md5 authenticator failed H=smtp.intergate.com [216.139.64.8] 535 5.7.0
authentication failed
if I comment the cram_md5 authenticator out, leaving only the plain and login
authenticators I get (trying to get on the exim4 mail list)
T=remote_smtp_smarthost: SMTP error from remote mailer after
smtp.intergate.com [216.139.64.8]: 550 5.7.1
.. Relaying denied. Proper authentication required.
Going through the exim4 HOWTO I see that they say I need to add
I did add that but it didn't seem to change anything. :-(
Would you know if I have to define something for the following line
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
From the servers reply it seems they don't run TLS so everything has to go
plaintext. I can't find anything in the, rather obtuse, exim4 docs about
this,
IF(?) my request to join the exim4 mail list got through, I'll hopefully ask
these questions there.
I am forced to use Kmail now so hope this gets to the list. All my other
mails have not been showing up due to this AUTH problem.

Could you perhaps be over-complicating things? Could it be just a
question of removing "noauth" from the /etc/ppp/peers/??? file?

--
David Jardine

"Running Debian GNU/Linux and
loving every minute of it." -L. von Sacher-M.(1835-1895)

Wayne Topa

2005-05-26 22:55:06 UTC

Permalink

Post by David Jardine

<-- snip -->

Post by David Jardine

Post by Wayne Topa
I am forced to use Kmail now so hope this gets to the list. All my other
mails have not been showing up due to this AUTH problem.

Could you perhaps be over-complicating things? Could it be just a
question of removing "noauth" from the /etc/ppp/peers/??? file?

David

If only it was that simple! I had forgotton about the noauth in the
peers files and tried 1st) removing it and 2nd) changing it to auth.
It seems that applies to the server authenticating to me, not the
other way around.

Thanks anyway, I appreciate the the attempt.

Wayne

--
A user friendly computer first requires a friendly user.
_______________________________________________________

Wayne Topa

2005-05-26 23:12:44 UTC

Permalink

If this message gets through I seem to have found the problem.

While reading /usr/share/doc/exim4-base/README.TLS.gz, I found

/etc/exim4/conf.d/main/03_exim4-config_tlsoptions) and activate these
options by removing the hash-mark ("#") in front of them.
log_selector = +tls_cipher +tls_peerdn
# tls_advertise_hosts = *
# tls_certificate = CONFDIR/exim.crt
# tls_privatekey = CONFDIR/exim.key

As my smtp server didn't indicate it honored/ran tls, I checked
/etc/exim4.conf.template and found that for some reason, contrary to
the above README, they were already uncommented, so I commented them
out.

My reply to David was sent with the LOGIN enabled and this one is with
cram_md5. My fingers are crossed..

Wayne

--
Computers are like air-conditioners: both stop working, if you open
windows.
_______________________________________________________

Wayne Topa

2005-05-26 23:16:54 UTC

Permalink

--
Computers are like air-conditioners: both stop working, if you open
windows.
_______________________________________________________

Wayne Topa

2005-05-26 23:18:53 UTC

Permalink

--
Computers are like air-conditioners: both stop working, if you open
windows.
_______________________________________________________