On 14 Jul 2019, at 22:18, necktwi via Exim-users wrote:
From my mac mail client I've connected to remote exim+dovecot server.
Since few weeks back I was not able to send mail but able to receive.
exim in /var/log/messages says:
Jul 14 15:22:15 RPi3B exim[3576]: 2019-07-14 20:52:15 dovecot_plain
authenticator failed for ([xx.xx.xx.xx]) [yy.yy.yy.yy]: 535 Incorrect
authentication data (set_id=necktwi)
You sent a wrong password or a wrong username or both. Also, something
is strange about the timestamps there, it's as if Exim is logging in UTC
and Dovecot is running in IST.
dovecot in /var/log/dovecot.log says:
Jul 14 19:40:27 auth: Debug: client in: AUTH 1 LOGIN service=smtp
rip=yy.yy.yy.yy lip=xx.xx.xx.xx nologin resp= (previous base64 data
may contain sensitive data)
Jul 14 19:40:27 auth: Debug: client passdb out: CONT 1 VXNlcm5hbWU6
Note that this is unrelated to the above log line from Exim: check the
timestamp.
This looks like an incomplete attempt by something to use Dovecot's
authentication service for smtp (i.e. sending mail) using the SASL
"LOGIN" mechanism. All it shows is the auth service sending the
base64-encoded intermediate prompt "Username:" and then nothing else. It
is not clear what's going on here...
Jul 14 19:40:27 auth: Debug: auth client connected (pid=0)
Immediately, there is a new auth client connection.
Jul 14 19:40:27 auth: Debug: client in: AUTH 1 PLAIN service=smtp
secured rip=xx.xx.xx.xx lip=yy.yy.yy.yy nologin
resp=aeVja333aQeuZWerdHdpAeRecmezaG9lcw== (previous base64 data may
contain sensitive data)
This client tries the SASL "PLAIN" mechanism. The client either sends a
partially mangled credential string or you have partially mangled it
here. As the log entry notes, that base64 data DOES contain sensitive
data, including what is likely to be the last four characters of your
password. You should pick a new one.
Jul 14 19:40:27 auth: Debug: policy(necktwi,xx.xx.xx.xx): Policy check
action is continue
Jul 14 19:40:27 auth-worker(11866): Debug: pam(necktwi,xx.xx.xx.xx):
lookup service=smtp
Jul 14 19:40:27 auth-worker(11866): Info: pam(necktwi,xx.xx.xx.xx):
pam_authenticate() failed: Authentication failure (Password mismatch?)
(given password: xxxxxxx)
(log is obfuscated)
Is it the problem with dovecot or exim?
Unclear if it is with either. It looks like your client is sending a bad
password and/or username.
Should exim contact dovecot prior to sending the mail?
"Should" has more than one interpretation.
If you intend to use Dovecot's SASL service for SMTP authentication with
Exim, then having the dovecot_plain authenticator configured for Exim is
how you would do that and Exim uses that configuration to contact
Dovecot via its auth socket. As a general rule, SMTP servers like Exim
SHOULD require authentication of some sort before accepting mail for
non-local destinations.
There are other authenticators for Exim. Which one you "should" use is
subject to your specific local needs.
I have also tried windows mail client with same error.
This suggests that the problem is on the server but does not prove it.
There are many ways to mistype a password and/or username.
One common problem comes from the fact that some authentication
configurations require the use of a full email address (i.e. with the
domain part) as the username, while others require just the bare
username.
--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
