Re: Exim and *outgoing* AUTH?



A long time ago, in a galaxy far, far away, someone said...

> Greetings-
>
> Telocity, in its infinite wisdom, has decided to use SMTP AUTH instead of
> originating IP to verify SMTP clients. This presents problems for me,
> since I have exim pointing at smtp.telocity.com. Furthermore, it doesn't
> reject messages outright (that would be too simple and
> standards-based).  Instead, it just accepts them and silently eats them,
> so I didn't know until I innocently asked my father-in-law if he'd
> received a message I sent him. Arrgh.  Anyway....
>
> Is there a way to configure exim (running in smarthost mode) to use SMTP
> AUTH for outgoing mail? I'm currently running:

Yes.

The authentication rules are defined in the very last section of the file,
after the rewrite configuration.  AUTH PLAIN (what Netscape and most
non-MS email clients use to authenticate) would look something like this:

telocity:
  driver = plaintext
  public_name = PLAIN
  client_send = ^username^password

AUTH LOGIN (what Outlook & OE use, as well as a few others) would look
something like this:

telocity:
  driver = plaintext
  public_name = LOGIN
  client_send = : username : password

Afterwards, you would put

   authenticate_hosts = 64.98.119.186

in the remote_smtp transport.

However, this assumes that the Telocity SMTP server (smtp.telocity.com) is
standards compliant... which they aren't.

Telnetting to port 25 on smtp.telocity.com:

$ telnet smtp.telocity.com smtp
Trying 64.98.119.186...
Connected to dsl.telocity.com.criticalpath.net.
Escape character is '^]'.
220 smtp.telocity.com ESMTP CPMTA-3_5_0_4 - NO UCE
ehlo kaitain.obix.com
250-smtp.telocity.com Hi.
250-PIPELINING
250-AUTH=LOGIN
250 8BITMIME
quit
221 smtp.telocity.com closing connection

See the AUTH=LOGIN in the response to my EHLO?  The equal sign should be a
space.  That's a Microsoft-ism.  Very few transport agents and user agents
support AUTH=LOGIN; the ones that do have .
These include:

Most "corporate messaging" systems
Various MS *Windows* email clients (the Mac email clients are written by a
   different group within MS and are much better than the Windows
   equivalents IMO)
One of the qmail SMTP AUTH patches
Whatever the hell Telocity uses

One solution would be to ask a kind soul to relay for you based on SMTP
AUTH.

> <rant>
> Why can't a single reasonably-priced DSL service seem to get it
> right? There are perfectly good internet standards for dealing with
> these sorts of things, and they feel they have to reinvent the wheel --
> and make it square to boot!
> </rant>

<rant>
That would require intelligence among the decision-makers at Telocity.
If they're like a lot of other corporations, they are (pardon my language)
clueless twits who don't know squat about what they're doing.  These folks
are also the reason why most defaced web sites are Windows... and the
security hole isn't in Windows.
</rant>

-- 
----------------------------------------------------------------------
Phil Brutsche				    pbrutsch@tux.creighton.edu

GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D  7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
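
Added example, not part of the original message: a Python sketch that separates the standard "AUTH mech" EHLO keyword from the "AUTH=mech" form seen in the telnet session above, and builds the base64 strings that the PLAIN and LOGIN client_send settings put on the wire. The function names and the mail.example.net reply are constructed for illustration.

```python
import base64
import re

# EHLO reply copied from the telnet session in the message above.
TELOCITY_EHLO = ["250-smtp.telocity.com Hi.", "250-PIPELINING",
                 "250-AUTH=LOGIN", "250 8BITMIME"]

# Constructed reply from a hypothetical server using the standard form.
STANDARD_EHLO = ["250-mail.example.net Hello", "250-AUTH PLAIN LOGIN",
                 "250 8BITMIME"]

_EHLO_LINE = re.compile(r"^250[- ](.*)$")


def advertised_auth(ehlo_lines):
    """Split advertised mechanisms into 'standard' (AUTH mech ...) and
    'legacy' (AUTH=mech ...) so a missing mechanism can be diagnosed."""
    found = {"standard": set(), "legacy": set()}
    for line in ehlo_lines:
        m = _EHLO_LINE.match(line.rstrip("\r\n"))
        if not m:
            continue  # not a 250 reply line
        keyword = m.group(1).strip().upper()
        if keyword.startswith("AUTH "):
            found["standard"].update(keyword[5:].split())
        elif keyword.startswith("AUTH="):
            found["legacy"].update(keyword[5:].split())
    return found


def _b64(text):
    # base64 is an encoding, not encryption: both mechanisms expose the
    # password to anyone who can read the unencrypted session.
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def plain_initial_response(username, password):
    """PLAIN: each '^' in client_send stands for a NUL byte, so
    '^username^password' is NUL + username + NUL + password."""
    return _b64("\0" + username + "\0" + password)


def login_responses(username, password):
    """LOGIN: ': username : password' sends no initial data, then the
    username and the password as separate base64 replies."""
    return [_b64(username), _b64(password)]


if __name__ == "__main__":
    print(advertised_auth(TELOCITY_EHLO))
    print(advertised_auth(STANDARD_EHLO))
    print(plain_initial_response("username", "password"))
    print(login_responses("username", "password"))
```

A client that only recognises the standard keyword sees no mechanisms at all in the Telocity reply, which is why the authenticator is never tried.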