Thank you very much for your detailed analysis - I would have never come to that.

Actually there is a Cisco firewall in front of the server. I asked the admin to open Port 465 and close 25 (which I never intended to use permanently - I just thought it would be easier for a first test). I hope with ssl-SMTP the firewall won't understand enough to intercept commands. When the port is open I will tell you whether it works.

Regards
Andreas

Phil Pennock wrote:
> On 2007-06-12 at 22:14 +0200, Andreas Kahl wrote:
>> accept hosts = +relay_from_hosts
>>
>> accept authenticated = *
>>
>> deny message = relay not permitted
>
> This is fine.
>
>>> You can get more diagnostics, running a debug Exim; this won't detach
>>> from the terminal, so you'll see what's going on. For instance:
>>>
>>> # exim -d+acl+auth -oX 26 -bd
>>>
>> I also did this (with Port 25). A copy of my console is attached
>> in exim-session.txt .
>
> This shows the problem. The client isn't authenticating.
>
>> 28267 SMTP>> 220 vitruvia.dyndns.org ESMTP Exim 4.63 Tue, 12 Jun 2007 22:02:33 +0200
>> 28267 Process 28267 is ready for new message
>> 28267 smtp_setup_msg entered
>> 28267 SMTP<< XXXX Cirrus.local
>
> WTF is XXXX as an SMTP command? Ah, it appears to be what a Cisco
> firewall replaces unacceptable commands with.
>
> You've got a broken application-level firewall breaking your SMTP
> conversations.
>
> You could try using the "submission" port, 587, for submission of
> email. Or smtps on port 465 (SMTP with SSL-on-connect, instead of
> being negotiated). Submission is better, smtps might better
> survive the man-in-the-middle attack perpetrated by the malware
> pretending to be a firewall. I call it malware because it's
> actively preventing good security.
>
>> 28267 LOG: smtp_syntax_error MAIN
>> 28267 SMTP syntax error in "XXXX Cirrus.local" H=p54997838.dip.t-dialin.net [84.153.120.56] unrecognized command
>> 28267 SMTP>> 500 unrecognized command
>> 28267 SMTP<< HELO Cirrus.local
>
> So here your client is saying HELO instead of EHLO, so isn't
> learning about the authentication options.
>
>> 28267 SMTP>> 250 vitruvia.dyndns.org Hello p54997838.dip.t-dialin.net [84.153.120.56]
>> 28267 SMTP<< MAIL FROM:<[EMAIL PROTECTED]>
>> 28267 SMTP>> 250 OK
>
> Here you see your server responding to the HELO and then the client
> starting to send email; there's no authentication in-between.
>
>> 28267 SMTP<< RCPT TO:<[EMAIL PROTECTED]>
>> 28267 using ACL "acl_check_rcpt"
> [...]
>> 28267 processing "accept"
>> 28267 check authenticated = *
>> 28267 accept: condition test failed
>
> And so the "have they authenticated?" test fails.
>
> -Phil

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
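
Added example, not part of the original thread and not Exim's own code: a small Python check that scans `exim -d` debug output for the pattern diagnosed above (a command overwritten with X characters, a HELO-only greeting, and MAIL sent with no AUTH before it). The function name `diagnose`, the finding strings and the sample log are assumptions constructed for illustration.

```python
import re

# Constructed sample modelled on the debug output quoted in the thread;
# host names, addresses and the second session (28301) are placeholders.
SAMPLE = """\
28267 SMTP>> 220 mail.example.org ESMTP Exim 4.63
28267 SMTP<< XXXX client.example
28267 SMTP>> 500 unrecognized command
28267 SMTP<< HELO client.example
28267 SMTP>> 250 mail.example.org Hello client.example
28267 SMTP<< MAIL FROM:<user@example.org>
28267 SMTP>> 250 OK
28267 SMTP<< RCPT TO:<rcpt@example.net>
28301 SMTP<< EHLO client.example
28301 SMTP<< AUTH PLAIN <redacted>
28301 SMTP<< MAIL FROM:<user@example.org>
"""

CLIENT_LINE = re.compile(r"^(\d+) SMTP<< (\S+)")  # pid, then the client's verb
MASKED = re.compile(r"^X+$")  # a verb overwritten with X characters in transit


def diagnose(log_text):
    """Return {pid: [findings]} for sessions matching the thread's symptoms."""
    sessions = {}
    for line in log_text.splitlines():
        m = CLIENT_LINE.match(line)
        if m:
            sessions.setdefault(m.group(1), []).append(m.group(2).upper())
    report = {}
    for pid, verbs in sessions.items():
        findings = []
        if any(MASKED.match(v) for v in verbs):
            findings.append("command masked in transit")
        if "HELO" in verbs and "EHLO" not in verbs:
            # Extensions such as AUTH are only advertised in an EHLO reply.
            findings.append("HELO only: AUTH never advertised")
        # On its own this is normal for inbound mail; it matters for relaying.
        if "MAIL" in verbs and "AUTH" not in verbs[:verbs.index("MAIL")]:
            findings.append("MAIL sent without prior AUTH")
        if findings:
            report[pid] = findings
    return report


if __name__ == "__main__":
    for pid, findings in diagnose(SAMPLE).items():
        print(pid, "; ".join(findings))
```
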
