Hello, While troubleshooting my mail configuration, I found what I beleive to be bugs at the link, session and application layers. Relevant to this list is the application layer. I am trying to use Exim4 in STMP client mode.
After receiving "535 authentication failed (#5.7.1)" from the server, my computer reponds with: "MAIL FROM: <nephill#X#icrossroads.com> SIZE=1633\r\n" (Because Email addresses are supposed to be kept confidential, I will replace '@' with #X#) >From my notes: Exim4 (my computer) Asks for "AUTH CRAM-MD5", which ultimately fails (code 535) . Seemingly disregarding the result, Exim goes ahead with: MAIL FROM:<nephill#X#icrossroads.com> SIZE=1636\r\n RCPT TO:<ljphillips#X#myrealbox.com>\r\n DATA\r\n (As an asside, wireshark was not able to parse this properly) STMP server responds with 250 OK\r\n My computer, for some unknown reason send out an empty TCP packet acknowleding a future TCP packet. Wiresharks' SEQ/ACK analysis says it is a response to the previous packet, but my interpretation is borne out by what happens next: Exim4 sends: QUIT\r\n My computer sends another empty TCP packet (FIN, ACK) STMP send the previously acknowledged packet: 221 pteradon.tera-byte.com\r\n My computer now bails by sending another TCP (RST) packet. STMP server acknowledges The RST with a TCP (FIN, ACK) My computer resends the (RST) packet. The packets (Frames) appear to be out of order (time-wise)! Screenshot: http://www.icrossroads.com/~nephill/wireshard_email.png Frame 76 appears to acknowledge frame 79 10 seconds later, my computer tries again with the CRAM-MD5. This time, after the authentication failure, it sends: MAIL FROM:<> SIZE=2665\r\n Then proceeds to send the failure message to the STMP server. --- I later determined that the out-of order Frames were localized to my setup on the one computer (could be a driver conflict or something (Did not happen with a live CD on the same hardware)) I was able to reproduce the problem on a second computer with the same software, but different hardware. The packets/frames in question have been saved to a file: http://www.icrossroads.com/~nephill/test_exim4_stmp.libpcap (I used wireshark, but gather any libpcap based packet sniffer may be able to read it.) (I deliberately used the wrong password for the capture in case one of you can crack CRAM-MD5) Software: Debian Etch system (x86, 32bit) exim4 4.63-17 exim4-config 4.63-17 (debian specific) mutt 1.5.13-1.1e wireshark 0.99.4-5.et I am using the Maildir Option, incase that affects things. Regards, James Phillips -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
