On 2007-06-12 at 22:14 +0200, Andreas Kahl wrote: > accept hosts = +relay_from_hosts > > accept authenticated = * > > deny message = relay not permitted
This is fine. > > You can get more diagnostics, running a debug Exim; this won't detach > > >from the terminal, so you'll see what's going on. For instance: > > > > # exim -d+acl+auth -oX 26 -bd > > > > I also did this (with Port 25). A copy of my console is attached in > exim-session.txt . This shows the problem. The client isn't authenticating. > 28267 SMTP>> 220 vitruvia.dyndns.org ESMTP Exim 4.63 Tue, 12 Jun 2007 > 22:02:33 +0200 > 28267 Process 28267 is ready for new message > 28267 smtp_setup_msg entered > 28267 SMTP<< XXXX Cirrus.local WTF is XXXX as an SMTP command? Ah, it appears to be what a Cisco firewall replaces unacceptable commands with. You've got a broken application-level firewall breaking your SMTP conversations. You could try using the "submission" port, 587, for submission of email. Or smtps on port 465 (SMTP with SSL-on-connect, instead of being negotiated). Submission is better, smtps might better survive the man-in-the-middle attack perpetrated by the malware pretending to be a firewall. I call it malware because it's actively preventing good security. > 28267 LOG: smtp_syntax_error MAIN > 28267 SMTP syntax error in "XXXX Cirrus.local" H=p54997838.dip.t-dialin.net > [84.153.120.56] unrecognized command > 28267 SMTP>> 500 unrecognized command > 28267 SMTP<< HELO Cirrus.local So here your client is saying HELO instead of EHLO, so isn't learning about the authentication options. > 28267 SMTP>> 250 vitruvia.dyndns.org Hello p54997838.dip.t-dialin.net > [84.153.120.56] > 28267 SMTP<< MAIL FROM:<[EMAIL PROTECTED]> > 28267 SMTP>> 250 OK Here you see your server responding to the HELO and then the client starting to send email; there's no authentication in-between. > 28267 SMTP<< RCPT TO:<[EMAIL PROTECTED]> > 28267 using ACL "acl_check_rcpt" [...] > 28267 processing "accept" > 28267 check authenticated = * > 28267 accept: condition test failed And so the "have they authenticated?" test fails. -Phil -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
