Hi dears, I am very new to this thread.
I do have a problem with exim4 and authentication over a connection to a
smarthost postfix server on port 587.
In fact I have several clients running on Raspbian that are working
well, and some clients running on Ubuntu 12.04 Server that can not send
any mail. T
They connect, they perform the tls transaction but when they come to
authentication, they directly send the mail without authenticating. Both
Raspbian and ubuntu are using exactly the same configuration. but
Raspbian can send mails.
if I use swaks it is working fine on both machines:
-code-
swaks --to [email protected] -s smtp.server.re:587 -tls -a LOGIN
-code-
If I use the debugging command to send a mail:
-code-
sendmail -d+auth+expand [email protected]
-code-
Here are a selected part of the logs from the successfull raspbian:
---------------------------------------------------------------------------------------------
server@gaudy-WifiController ~ $ sudo sendmail -d+auth+expand [email protected]
Exim version 4.80 uid=0 gid=0 pid=9720 D=fbb95dfd
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm
dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Compiler: GCC [4.6.3]
Library version: GnuTLS: Compile: 2.12.20
Runtime: 2.12.20
Library version: PCRE: Compile: 8.30
Runtime: 8.31 2012-07-06
[email protected]: queued for routing
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
routing [email protected]
--------> smarthost router <--------
local_part=ghislain domain=zzz.eu
set_process_info: 9727 delivering 1ZWjbM-0002Wm-Ti to smtp.server.re
[193.253.113.53] ([email protected])
Transport port=25 replaced by host-specific port=587
Connecting to smtp.server.re [193.253.113.53]:587 ... connected
expanding: $primary_hostname
result: gaudy-WifiController
SMTP<< 220 server.re ESMTP Postfix (Ubuntu)
193.253.113.53 in hosts_avoid_esmtp? no (option unset)
SMTP>> EHLO gaudy-WifiController
SMTP<< 250-server.re
250-PIPELINING
250-SIZE 20971520
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
193.253.113.53 in hosts_avoid_tls? no (option unset)
SMTP>> STARTTLS
SMTP<< 220 2.0.0 Ready to start TLS
gnutls_handshake was successful
cipher: TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128
Have channel bindings cached for possible auth usage.
SMTP>> EHLO gaudy-WifiController
SMTP<< 250-server.re
250-PIPELINING
250-SIZE 20971520
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
193.253.113.53 in hosts_require_auth? no (option unset)
expanding: /etc/exim4/passwd.client
result: /etc/exim4/passwd.client
condition: exists{/etc/exim4/passwd.client}
result: true
expanding: $host
result: smtp.server.re
expanding: /etc/exim4/passwd.client
result: /etc/exim4/passwd.client
search_open: nwildlsearch "/etc/exim4/passwd.client"
search_find: file="/etc/exim4/passwd.client"
key="smtp.server.re" partial=-1 affix=NULL starflags=0
LRU list:
:/etc/exim4/passwd.client
End
internal_search_find: file="/etc/exim4/passwd.client"
type=nwildlsearch key="smtp.server.re"
file lookup required for smtp.server.re
in /etc/exim4/passwd.client
smtp.server.re in "smtp.server.re"? yes (matched "smtp.server.re")
lookup yielded: [email protected]:userpass
expanding: <; ${if exists{/etc/exim4/passwd.client}
{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$host_address}}}{} }
result: <; 193.253.113.53
193.253.113.53 in hosts_try_auth? yes (matched "193.253.113.53")
scanning authentication mechanisms
/****************************/
/* from here it differs in ubuntu */
/****************************/
expanding: $tls_cipher
result: TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128
expanding:
result:
condition: !eq{$tls_cipher}{}
result: true
expanding: 1
result: 1
expanding: :
result: :
expanding: $host
result: smtp.server.re
expanding: /etc/exim4/passwd.client
result: /etc/exim4/passwd.client
search_open: nwildlsearch "/etc/exim4/passwd.client"
cached open
search_find: file="/etc/exim4/passwd.client"
key="smtp.server.re" partial=-1 affix=NULL starflags=0
LRU list:
:/etc/exim4/passwd.client
End
internal_search_find: file="/etc/exim4/passwd.client"
type=nwildlsearch key="smtp.server.re"
cached data used for lookup of smtp.server.re
in /etc/exim4/passwd.client
lookup yielded: [email protected]:userpass
expanding: $value
result: [email protected]:userpass
expanding:
${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}
result: [email protected]:userpass
expanding: \N[\^]\N
result: [\^]
expanding: ^^
result: ^^
expanding:
${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}
result: [email protected]:userpass
expanding: $host
result: smtp.server.re
expanding: /etc/exim4/passwd.client
result: /etc/exim4/passwd.client
search_open: nwildlsearch "/etc/exim4/passwd.client"
cached open
search_find: file="/etc/exim4/passwd.client"
key="smtp.server.re" partial=-1 affix=NULL starflags=0
LRU list:
:/etc/exim4/passwd.client
End
internal_search_find: file="/etc/exim4/passwd.client"
type=nwildlsearch key="smtp.server.re"
cached data used for lookup of smtp.server.re
in /etc/exim4/passwd.client
lookup yielded: [email protected]:userpass
expanding: $value
result: [email protected]:userpass
expanding:
${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}
result: [email protected]:userpass
expanding: \N[\^]\N
result: [\^]
expanding: ^^
result: ^^
expanding:
${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}
result: [email protected]:userpass
expanding: \N([^:]+:)(.*)\N
result: ([^:]+:)(.*)
expanding: \$2
result: $2
expanding: $2
result: userpass
expanding:
^${extract{1}{:}{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}}^${sg{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}{\N([^:]+:)(.*)\N}{\$2}}
result: ^[email protected]^userpass
expanding: ${if
!eq{$tls_cipher}{}{^${extract{1}{:}{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}}^${sg{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}{\N([^:]+:)(.*)\N}{\$2}}}fail}
result: ^[email protected]^userpass
SMTP>> AUTH PLAIN ************************************
tls_do_write(0xbe7fab68, 49)
gnutls_record_send(SSL, 0xbe7fab68, 49)
outbytes=49
waiting for data on socket
Calling gnutls_record_recv(0xb7569b88, 0xbe7f8b68, 4096)
read response data: size=37
SMTP<< 235 2.7.0 Authentication successful
plain authenticator yielded 0
SMTP>> MAIL FROM:<root@gaudy-wificontroller> SIZE=1352
AUTH=root@gaudy-wificontroller
SMTP>> RCPT TO:<[email protected]>
SMTP>> DATA
tls_do_write(0xbe7fab68, 116)
gnutls_record_send(SSL, 0xbe7fab68, 116)
outbytes=116
waiting for data on socket
Calling gnutls_record_recv(0xb7569b88, 0xbe7f8b68, 4096)
read response data: size=65
SMTP<< 250 2.1.0 Ok
SMTP<< 250 2.1.5 Ok
SMTP<< 354 End data with <CR><LF>.<CR><LF>
SMTP>> writing message and terminating "."
writing data block fd=6 size=332 timeout=300
tls_do_write(0xb755d230, 332)
gnutls_record_send(SSL, 0xb755d230, 332)
outbytes=332
waiting for data on socket
Calling gnutls_record_recv(0xb7569b88, 0xbe7f8b68, 4096)
read response data: size=37
SMTP<< 250 2.0.0 Ok: queued as D47198E02EC
journalling [email protected]
ok=1 send_quit=1 send_rset=0 continue_more=0 yield=0 first_address is NULL
193.253.113.53 in hosts_nopass_tls? no (option unset)
transport_check_waiting entered
sequence=1 local_max=500 global_max=-1
locking /var/spool/exim4/db/wait-remote_smtp_smarthost.lockfile
locked /var/spool/exim4/db/wait-remote_smtp_smarthost.lockfile
EXIM_DBOPEN(/var/spool/exim4/db/wait-remote_smtp_smarthost)
returned from EXIM_DBOPEN
opened hints database /var/spool/exim4/db/wait-remote_smtp_smarthost:
flags=O_RDWR
dbfn_read: key=smtp.server.re
no messages waiting for smtp.server.re
SMTP>> QUIT
Here area selected part of the logs from the problematic ubuntu:
--------------------------------------------------------------------------------------------
server@eberlin-Camera-Server:/etc/exim4$ sudo sendmail -d+auth+expand
[email protected]
Exim version 4.82 uid=0 gid=0 pid=6903 D=fbb95dfd
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm
dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Compiler: GCC [4.8.2]
Library version: GnuTLS: Compile: 2.12.23
Runtime: 2.12.23
Library version: PCRE: Compile: 8.31
Runtime: 8.31 2012-07-06
[email protected]: queued for routing
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
routing [email protected]
--------> smarthost router <--------
local_part=ghislain domain=zzz.eu
set_process_info: 6909 delivering 1ZWkLn-0001nL-Mh to smtp.server.re
[193.253.113.53] ([email protected])
Transport port=25 replaced by host-specific port=587
Connecting to smtp.server.re [193.253.113.53]:587 ... connected
expanding: $primary_hostname
result: eberlin-Camera-Server
SMTP<< 220 server.re ESMTP Postfix (Ubuntu)
193.253.113.53 in hosts_avoid_esmtp? no (option unset)
SMTP>> EHLO eberlin-Camera-Server
SMTP<< 250-server.re
250-PIPELINING
250-SIZE 20971520
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
193.253.113.53 in hosts_avoid_tls? no (option unset)
SMTP>> STARTTLS
SMTP<< 220 2.0.0 Ready to start TLS
gnutls_handshake was successful
cipher: TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128
Have channel bindings cached for possible auth usage.
SMTP>> EHLO eberlin-Camera-Server
SMTP<< 250-server.re
250-PIPELINING
250-SIZE 20971520
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
193.253.113.53 in hosts_require_auth? no (option unset)
expanding: /etc/exim4/passwd.client
result: /etc/exim4/passwd.client
condition: exists{/etc/exim4/passwd.client}
result: true
expanding: $host
result: smtp.server.re
expanding: /etc/exim4/passwd.client
result: /etc/exim4/passwd.client
search_open: nwildlsearch "/etc/exim4/passwd.client"
search_find: file="/etc/exim4/passwd.client"
key="smtp.server.re" partial=-1 affix=NULL starflags=0
LRU list:
:/etc/exim4/passwd.client
End
internal_search_find: file="/etc/exim4/passwd.client"
type=nwildlsearch key="smtp.server.re"
file lookup required for smtp.server.re
in /etc/exim4/passwd.client
smtp.server.re in "*"? yes (matched "*")
lookup yielded: [email protected]:userpass
expanding: <; ${if exists{/etc/exim4/passwd.client}
{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$host_address}}}{} }
result: <; 193.253.113.53
193.253.113.53 in hosts_try_auth? yes (matched "193.253.113.53")
scanning authentication mechanisms
/*********************/
/* here starts the error */
/*********************/
expanding: $tls_cipher
result:
expanding:
result:
condition: !eq{$tls_cipher}{}
result: false
expanding: 1
result: 1
skipping: result is not used
expanding: :
result: :
skipping: result is not used
expanding: $host
result:
skipping: result is not used
expanding: /etc/exim4/passwd.client
result: /etc/exim4/passwd.client
skipping: result is not used
expanding: $value
result:
skipping: result is not used
expanding:
${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}
result:
skipping: result is not used
expanding: \N[\^]\N
result: [\^]
skipping: result is not used
expanding: ^^
result: ^^
skipping: result is not used
expanding:
${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}
result:
skipping: result is not used
expanding: $host
result:
skipping: result is not used
expanding: /etc/exim4/passwd.client
result: /etc/exim4/passwd.client
skipping: result is not used
expanding: $value
result:
skipping: result is not used
expanding:
${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}
result:
skipping: result is not used
expanding: \N[\^]\N
result: [\^]
skipping: result is not used
expanding: ^^
result: ^^
skipping: result is not used
expanding:
${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}
result:
skipping: result is not used
expanding: \N([^:]+:)(.*)\N
result: ([^:]+:)(.*)
skipping: result is not used
expanding: \$2
result: $2
skipping: result is not used
expanding:
^${extract{1}{:}{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}}^${sg{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}{\N([^:]+:)(.*)\N}{\$2}}
result: ^^
skipping: result is not used
failed to expand: ${if
!eq{$tls_cipher}{}{^${extract{1}{:}{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}}^${sg{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}{\N([^:]+:)(.*)\N}{\$2}}}fail}
error message: "if" failed and "fail" requested
failure was forced
plain authenticator yielded 13
expanding: $tls_cipher
result:
expanding:
result:
expanding: $host
result:
skipping: result is not used
expanding: /etc/exim4/passwd.client
result: /etc/exim4/passwd.client
skipping: result is not used
expanding: $value
result:
skipping: result is not used
expanding:
${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}
result:
skipping: result is not used
expanding: \N[\^]\N
result: [\^]
skipping: result is not used
expanding: ^^
result: ^^
skipping: result is not used
expanding:
${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}
result:
skipping: result is not used
expanding:
result:
skipping: result is not used
condition:
and{{!eq{$tls_cipher}{}}{!eq{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}{}}}
result: false
expanding:
result:
skipping: result is not used
failed to expand: ${if
and{{!eq{$tls_cipher}{}}{!eq{${sg{${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$value}fail}}{\N[\^]\N}{^^}}}{}}}{}fail}
error message: "if" failed and "fail" requested
failure was forced
login authenticator yielded 13
SMTP>> MAIL FROM:<root@eberlin-camera-server> SIZE=1356
SMTP>> RCPT TO:<[email protected]>
SMTP>> DATA
tls_do_write(0x7fff09542910, 86)
gnutls_record_send(SSL, 0x7fff09542910, 86)
outbytes=86
waiting for data on socket
Calling gnutls_record_recv(0x7eff9ee97fb0, 0x7fff09543d10, 4096)
read response data: size=105
SMTP<< 250 2.1.0 Ok
SMTP<< 554 5.7.1 <[email protected]>: Relay access denied
SMTP<< 554 5.5.1 Error: no valid recipients
SMTP error from remote mail server after pipelined DATA: host
smtp.server.re [193.253.113.53]: 554 5.5.1 Error: no valid recipients
error for DATA ignored: pipelining is in use and there were no good
recipients
ok=1 send_quit=1 send_rset=1 continue_more=0 yield=0 first_address is NULL
193.253.113.53 in hosts_nopass_tls? no (option unset)
transport_check_waiting entered
sequence=1 local_max=500 global_max=-1
locking /var/spool/exim4/db/wait-remote_smtp_smarthost.lockfile
locked /var/spool/exim4/db/wait-remote_smtp_smarthost.lockfile
EXIM_DBOPEN(/var/spool/exim4/db/wait-remote_smtp_smarthost)
returned from EXIM_DBOPEN
opened hints database /var/spool/exim4/db/wait-remote_smtp_smarthost:
flags=O_RDWR
dbfn_read: key=smtp.server.re
no messages waiting for smtp.server.re
SMTP>> QUIT
You can see that the problem strats with tls_cipher related stuff, I
have been the whole day googling and debugging,now I need help please.
Thanks a lot
--
Ghislain AUTRET
Gérant Ingénieur R&D Domot'île
tel: +262 (0)692 48 74 55
web: http://www.domotile.re
Domot'île
37 rue du Général De Gaulle
97434 St Gilles les bains
---
L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel
antivirus Avast.
https://www.avast.com/antivirus
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
