Here's the debug log, starting at the AUTH ACL:

00:36:48 2557469 accept: condition test succeeded in ACL "acl_check_auth"
00:36:48 2557469 end of ACL "acl_check_auth": ACCEPT
00:36:48 2557469 auth input decode: '' 'myusername' 'wrongpassword'
00:36:48 2557469 plain authenticator server_condition:
00:36:48 2557469   $auth1 =
00:36:48 2557469   $auth2 = myusername
00:36:48 2557469   $auth3 = wrongpassword
00:36:48 2557469   $1 =
00:36:48 2557469   $2 = myusername
00:36:48 2557469   $3 = wrongpassword
00:36:48 2557469  ╭considering: ${if pam{${sg{$auth2}{:}{::}} : 
${sg{$auth3}{:}{::}} : ${sg{$sender_host_address}{:}{::}}}}
00:36:48 2557469   ╭considering: ${sg{$auth2}{:}{::}} : ${sg{$auth3}{:}{::}} : 
${sg{$sender_host_address}{:}{::}}}}
00:36:48 2557469    ╭considering: $auth2}{:}{::}} : ${sg{$auth3}{:}{::}} : 
${sg{$sender_host_address}{:}{::}}}}
00:36:48 2557469    ├──expanding: $auth2
00:36:48 2557469    ╰─────result: myusername
00:36:48 2557469               ╰──(tainted)
00:36:48 2557469    ╭considering: :}{::}} : ${sg{$auth3}{:}{::}} : 
${sg{$sender_host_address}{:}{::}}}}
00:36:48 2557469    ├──expanding: :
00:36:48 2557469    ╰─────result: :
00:36:48 2557469    ╭considering: ::}} : ${sg{$auth3}{:}{::}} : 
${sg{$sender_host_address}{:}{::}}}}
00:36:48 2557469    ├──expanding: ::
00:36:48 2557469    ╰─────result: ::
00:36:48 2557469    ╭considering: $auth3}{:}{::}} : 
${sg{$sender_host_address}{:}{::}}}}
00:36:48 2557469    ├──expanding: $auth3
00:36:48 2557469    ╰─────result: wrongpassword
00:36:48 2557469               ╰──(tainted)
00:36:48 2557469    ╭considering: :}{::}} : ${sg{$sender_host_address}{:}{::}}}}
00:36:48 2557469    ├──expanding: :
00:36:48 2557469    ╰─────result: :
00:36:48 2557469    ╭considering: ::}} : ${sg{$sender_host_address}{:}{::}}}}
00:36:48 2557469    ├──expanding: ::
00:36:48 2557469    ╰─────result: ::
00:36:48 2557469    ╭considering: $sender_host_address}{:}{::}}}}
00:36:48 2557469    ├──expanding: $sender_host_address
00:36:48 2557469    ╰─────result: 2003:d5:735:f800:a819:4f90:c9a5:18d6
00:36:48 2557469    ╭considering: :}{::}}}}
00:36:48 2557469    ├──expanding: :
00:36:48 2557469    ╰─────result: :
00:36:48 2557469    ╭considering: ::}}}}
00:36:48 2557469    ├──expanding: ::
00:36:48 2557469    ╰─────result: ::
00:36:48 2557469   ├──expanding: ${sg{$auth2}{:}{::}} : ${sg{$auth3}{:}{::}} : 
${sg{$sender_host_address}{:}{::}}
00:36:48 2557469   ╰─────result: myusername : wrongpassword : 
2003::d5::735::f800::a819::4f90::c9a5::18d6
00:36:48 2557469              ╰──(tainted)
00:36:48 2557469 Running PAM authentication for user "myusername"
00:36:51 2557469 PAM error: Permission denied
00:36:51 2557469  ├failed to expand: ${if pam{${sg{$auth2}{:}{::}} : 
${sg{$auth3}{:}{::}} : ${sg{$sender_host_address}{:}{::}}}}
00:36:51 2557469  ╰───error message: Permission denied
00:36:51 2557469 expansion failed: Permission denied
00:36:51 2557469  ╭considering: $auth2
00:36:51 2557469  ├──expanding: $auth2
00:36:51 2557469  ╰─────result: myusername
00:36:51 2557469             ╰──(tainted)
00:36:51 2557469 SMTP>> 435 Unable to authenticate at present

Looks like the pam expansion "fails". Actually, it simply returns the defined error code for an invalid password. I wouldn't consider that a "failure"; PAM has worked properly and decided that the password is not accepted. This is a final and correct result. Exim seems to think otherwise.

BTW, when providing the correct password, everything works just fine. I would generally rule out any permission issues here. If there was a permission issue, it would never work, no matter what credentials were provided.

-Yves



-------- Original Message --------
From: Jeremy Harris via Exim-users <[email protected]>
Sent: Monday, 18 January 2021, 21:49 CET
Subject: [exim] Authentication returns code 435 instead of 535

On 18/01/2021 20:32, Yves Goergen via Exim-users wrote:
> How can I get debug logs from Exim in daemon configuration? The Exim daemon/service is already set up and required for production use. I can change its logging, but not take it down.

Either add a commandline option at the place your daemon is started, and restart it,
or add an ACL clause in your config, and reload it.

Both methods are documented.



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
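
The sequence in the debug log above (PAM error, failed expansion, then a 435 response) can be picked out of such logs mechanically. The following is an added example, not part of the original message or of Exim: it rejoins the mail-wrapped continuation lines and reports per PID how each AUTH attempt ended. The sample lines are constructed in the same layout; the second PID and its 535 line are assumptions added for contrast.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log above (time, PID, text).
# The second PID and its 535 line are invented for contrast.
SAMPLE = """\
00:36:48 2557469 Running PAM authentication for user "myusername"
00:36:51 2557469 PAM error: Permission denied
00:36:51 2557469  ├failed to expand: ${if pam{${sg{$auth2}{:}{::}} :
${sg{$auth3}{:}{::}} : ${sg{$sender_host_address}{:}{::}}}}
00:36:51 2557469 expansion failed: Permission denied
00:36:51 2557469 SMTP>> 435 Unable to authenticate at present
00:40:02 2557601 Running PAM authentication for user "otheruser"
00:40:03 2557601 SMTP>> 535 Incorrect authentication data
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d) (\d+) (.*)$")

def records(text):
    """Yield (time, pid, message), rejoining mail-wrapped continuation lines."""
    cur = None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            if cur:
                yield tuple(cur)
            cur = list(m.groups())
        elif cur and raw.strip():
            # No timestamp/PID prefix: tail of the previous, wrapped line.
            cur[2] = cur[2].rstrip() + " " + raw.strip()
    if cur:
        yield tuple(cur)

def auth_outcomes(text):
    """Map PID -> what the log shows about how its AUTH attempt ended."""
    state = defaultdict(dict)
    for _, pid, msg in records(text):
        s = state[pid]
        if m := re.search(r'Running PAM authentication for user "([^"]*)"', msg):
            s["user"] = m.group(1)
        elif m := re.match(r"PAM error: (.*)", msg):
            s["pam_error"] = m.group(1)
        elif m := re.match(r"expansion failed: (.*)", msg):
            s["expansion_failed"] = m.group(1)
        elif m := re.match(r"SMTP>> ([245]35) ", msg):
            s["smtp"] = int(m.group(1))
    for s in state.values():
        if s.get("smtp") == 435 and "expansion_failed" in s:
            s["verdict"] = "temporary error after failed expansion"
        else:
            s["verdict"] = {535: "rejected", 235: "accepted"}.get(s.get("smtp"), "other")
    return dict(state)
```

Calling `auth_outcomes()` on a saved debug log returns one entry per PID, so attempts that ended in a 435 after a PAM error can be listed separately from ordinary 535 rejections.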
