Bug#736081: marked as done (Won't authenticate over STARTTLS without AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS)

[Debian Bug Tracking System]

Your message dated Sun, 06 Apr 2014 07:03:38 +0000
with message-id <e1wwh7c-0005pn...@franck.debian.org>
and subject line Bug#736081: fixed in exim4 4.82-7
has caused the Debian Bug report #736081,
regarding Won't authenticate over STARTTLS without 
AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
736081: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736081
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: exim4-daemon-light
Version: 4.82-3

Smarthost requires STARTTLS and PLAIN login -- therefore the
connection is authenticated.  A default install refuses to authenticate:

    SMTP>> STARTTLS
    SMTP<< 220 2.0.0 Ready to start TLS
    SMTP>> EHLO x.x.x.x
    SMTP<< 250-x.x.x.x
           250-PIPELINING
           250-SIZE 10240000
           250-ETRN
           250-AUTH PLAIN LOGIN
           250-AUTH=PLAIN LOGIN
           250-ENHANCEDSTATUSCODES
           250-8BITMIME
           250 DSN
  [...]
  x.x.x.x in hosts_require_auth? no (option unset)
  search_open: nwildlsearch "/etc/exim4/passwd.client"
  search_find: file="/etc/exim4/passwd.client"
    key="x.x.x.x" partial=-1 affix=NULL starflags=0
  [...]
  x.x.x.x in "*.x.x"? yes (matched "*.x.x")
  lookup yielded: x:x
  [...]
    SMTP>> MAIL FROM:<> SIZE=2447
    SMTP>> RCPT TO:<jch@x.x.x>
    SMTP>> DATA
  [...]
    SMTP<< 250 2.1.0 Ok
    SMTP<< 554 5.7.1 <unknown[x.x.x.x]>: Client host rejected: Access denied
    SMTP<< 554 5.5.1 Error: no valid recipients

If I add ``AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS = true'' to the exim
configuration, everything works fine:

    SMTP>> STARTTLS
    SMTP<< 220 2.0.0 Ready to start TLS
    SMTP>> EHLO x.x.x.x
    SMTP<< 250-x.x.x.x
           250-PIPELINING
           250-SIZE 10240000
           250-ETRN
           250-AUTH PLAIN LOGIN
           250-AUTH=PLAIN LOGIN
           250-ENHANCEDSTATUSCODES
           250-8BITMIME
           250 DSN
    SMTP>> AUTH PLAIN ********************
    SMTP<< 235 2.7.0 Authentication successful

However, this should not be needed, since the connection is protected
by TLS.

-- Juliusz

--- End Message ---

--- Begin Message ---

Source: exim4
Source-Version: 4.82-7

We believe that the bug you reported is fixed in the latest version of
exim4, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 736...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <ametz...@debian.org> (supplier of updated exim4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 06 Apr 2014 08:32:11 +0200
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy 
exim4-daemon-custom eximon4 exim4-dbg exim4-daemon-light-dbg 
exim4-daemon-heavy-dbg exim4-daemon-custom-dbg exim4-dev
Architecture: source i386 all
Version: 4.82-7
Distribution: unstable
Urgency: high
Maintainer: Exim4 Maintainers <pkg-exim4-maintain...@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametz...@debian.org>
Description: 
 exim4      - metapackage to ease Exim MTA (v4) installation
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-config - configuration for the Exim MTA (v4)
 exim4-daemon-custom - custom Exim MTA (v4) daemon with locally set features
 exim4-daemon-custom-dbg - debugging symbols for the Exim MTA (v4) packages
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including 
exiscan-ac
 exim4-daemon-heavy-dbg - debugging symbols for the Exim MTA "heavy" daemon
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-daemon-light-dbg - debugging symbols for the Exim MTA "light" daemon
 exim4-dbg  - debugging symbols for the Exim MTA (utilities)
 exim4-dev  - header files for the Exim MTA (v4) packages
 eximon4    - monitor application for the Exim MTA (v4) (X11 interface)
Closes: 736081 740092 742901
Changes: 
 exim4 (4.82-7) unstable; urgency=high
 .
   [ Martin Pitt ]
   * debian/tests/control: Add missing python test dependency, as
     debian/tests/security calls python. Closes: #740092
 .
   [ Andreas Metzler ]
   * 4.82 deprecated $tls_bits, $tls_certificate_verified, $tls_cipher,
     $tls_peerdn, $tls_sni and introduced tls_in_*/tls_out_* variants of these
     variables which describe the respective status of the current incoming or
     outgoing TLS connection. The rationale for this is that a single exim
     process can now use both an incoming (message reception) and outgoing
     TLS connection (callout or cutthrough delivery) concurrently. With this
     change the "old" variables were mapped to tls_in_*, i.e. they expand to
     empty values on outgoing connections. (This is not yet documented.)
     Outgoing tls-connections can therefore not be detected by nonempty
     $tls_cipher anymore. exim4-config << 4.82 used this mechanism to prevent
     sending of plaintext AUTH information on unencrypted connections. Force a
     lockstep upgrade of exim4-config by bumping the version of exim4-base's
     dependency on exim4-config to >= 4.82.
     Closes: #742901, #736081
Checksums-Sha1: 
 93f0a5c6bc715e0b7fff2692bc90c15fb85e351c 2826 exim4_4.82-7.dsc
 893c57b0d44974d464786113d1b3c7abf231275c 414372 exim4_4.82-7.debian.tar.xz
 d790a09c58debc4783c3b48b78dd331ac16087e0 1032406 exim4-base_4.82-7_i386.deb
 4e049d4a706e12c03f29465e37d23e1a735d5298 209106 eximon4_4.82-7_i386.deb
 d74b4efe31b0b8d0d9c6907e0d0d6cda0761fdeb 570532 
exim4-daemon-light_4.82-7_i386.deb
 45e0f0b40212134ba7f99f5d21c47795b0483d1c 616724 
exim4-daemon-heavy_4.82-7_i386.deb
 3607fe79aaf6b416cb4444204f028d6fcf54fab9 924666 
exim4-daemon-light-dbg_4.82-7_i386.deb
 cadca86fd41c49b3afd2e9330c227f3e2c554414 1036154 
exim4-daemon-heavy-dbg_4.82-7_i386.deb
 e291c50bf040a1cd8accbfc8ead3c5ec181ca5b0 346908 exim4-dbg_4.82-7_i386.deb
 96f8ce6c72c1dc3ff063dcf7f498cb67b50a9375 180456 exim4-dev_4.82-7_i386.deb
 17d341713308ad4df3159cbe0d62d5d110027685 495278 exim4-config_4.82-7_all.deb
 77750512d67a7a01f292b4a2bcbc4eba729bb60d 8550 exim4_4.82-7_all.deb
Checksums-Sha256: 
 3b7496be6fca481d4708f430287731fe84ccde3c79aa3889c0120c92f58ec5f9 2826 
exim4_4.82-7.dsc
 147772430c9a37c5a0852399f3379317f7fcb80c147ea328606eef05a4427a7c 414372 
exim4_4.82-7.debian.tar.xz
 36fbd021d04e9d5df93040c5a5f4ed98f6e9334ae51c4b69f32912494cb8735e 1032406 
exim4-base_4.82-7_i386.deb
 e233b345a32e5f06b59c4fe6127a66e5b8fd752eb691da183bd45c81580a8b47 209106 
eximon4_4.82-7_i386.deb
 fb567f1ab53835f9ba3a616e86ebc6e9340edfbfd9bc49d2389c879538701777 570532 
exim4-daemon-light_4.82-7_i386.deb
 aab1e169e654bbfad6a7064bf36493572b11ba249442b5e594c19749797c5184 616724 
exim4-daemon-heavy_4.82-7_i386.deb
 55bce50415564b2e91ba0ef319041f3a243c42914eca364f2c552a5aa42d0424 924666 
exim4-daemon-light-dbg_4.82-7_i386.deb
 04797814ac454ce3412ea9f910b3db52f0c2dc560d71bb0b62aac6e973d513ce 1036154 
exim4-daemon-heavy-dbg_4.82-7_i386.deb
 6237c9c30a77d1a821d95e44b59aa324a0a7db8b62205614003ec0f82794ab3f 346908 
exim4-dbg_4.82-7_i386.deb
 887b83b979b5c503520d2b35d7eec2f60c3413ead5079a719f2344183928b615 180456 
exim4-dev_4.82-7_i386.deb
 af9d9cbbdcef5ed27b3ca818ca4a45b0a9c357fec6e1676cfd9137b7633f0662 495278 
exim4-config_4.82-7_all.deb
 61ea107dc31508d980d234a659c54200059ae33ab05c20feb3206d03887cdfe3 8550 
exim4_4.82-7_all.deb
Files: 
 1e550fc37bee65efa3c91cd7a3132810 2826 mail standard exim4_4.82-7.dsc
 172ab9ca8cdbfa1c1506607c51f616e3 414372 mail standard 
exim4_4.82-7.debian.tar.xz
 f98d39ebeb4abc08529e91d98b105da7 1032406 mail standard 
exim4-base_4.82-7_i386.deb
 858731ecc65815afb1b25b99232833cd 209106 mail optional eximon4_4.82-7_i386.deb
 738fe5e4b4aeeb0af7fd5f089b1f046f 570532 mail standard 
exim4-daemon-light_4.82-7_i386.deb
 ee53a56f0f5b18a0886c48312785b55d 616724 mail optional 
exim4-daemon-heavy_4.82-7_i386.deb
 283da7c8e4b27c6a075f91a096775828 924666 debug extra 
exim4-daemon-light-dbg_4.82-7_i386.deb
 1dd040a88c140a7c5a9e60e5c34d7e3a 1036154 debug extra 
exim4-daemon-heavy-dbg_4.82-7_i386.deb
 7fd000e3d9f3bec3acfcec0c9a29b33f 346908 debug extra exim4-dbg_4.82-7_i386.deb
 5d8d7cba25771f929833da2c290de6e8 180456 mail extra exim4-dev_4.82-7_i386.deb
 f141964ae28a4c7786a702a3135ee127 495278 mail standard 
exim4-config_4.82-7_all.deb
 bfd0686bf4c37ee50fcb27bd153748a8 8550 mail standard exim4_4.82-7_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJTQPiuAAoJEKVPAYVDghSE1F0QAIOGGTjVVEaJksSd6AjUxgQy
wb6JlEI6+YwgLJXEHt1hJ0+4b5vCJ0OMVATGtFLBVQPGNQh/7LuAwsmZEpgbNRV9
pLCFFKnR0WLHV7SQnHkHD8EWu62gxsOINqSG4St4AdGLJUYM/Sxm9R/h5X0wWCQ4
4r7GC1hG+VJ8+5yWDeIYj5TCc+LdeXBncsZ5aznMqzEi8T72tzGaPRHbec/qoE9N
2mtRQ4VHJnY/pKMAzJWV5fxXEsjhbFHNQQtyIpamXnNa2UeLz1jTW76QcW4ZXP6L
zfStJwvquRLzk+Z3e9xQ7Jly8DxlYgECIiAZDAu9OM/fplwGy7hU2oP9WnqgKUJn
r5cbV5GqpG0oeSTHsbhKAJCMSX6o7ECZ7oqjJTOLmjFYer/0RMU2rco+IbPsJi4d
0VFf2QS+g9Rw08vqMpoQF3M6fZl9AhFib8AZGzv6+06otsIuyihg4TWf64euIWw0
2IEp0QKUrVHvRODwkFAnjJT66eYdS2QVpRF/4QflEeQ+bf29sLBIODU56GAnH4qp
dJ5nTiM7k18Vnipb3X4LtUScQqsnGu7nkS2shpNT1gDBusGO2TpzLCWKLoyP956B
k4HwN0bnt8VVcFb0EMD7ODXlV/NDTE1/ryM24x+cMd37pqnQPn4+f2WYopFV6ezi
L1Vk/A6dNg9nHbjvX4Z9
=U2KP
-----END PGP SIGNATURE-----

--- End Message ---