
Re: exim and relaying -- for ONE user



On Thu, Jan 30, 2003 at 12:37:32AM -0500, Derrick 'dman' Hudson wrote:
> Are you still using exim 3?   (probably, the DD is behind on the releases)
yup -- server ESMTP Exim 3.35 #1 Thu, 30 Jan 2003 13:43:20 -0600
[whatever's standard on woody...]

	root: /etc/exim# exim -bh 24.128.69.142

	**** SMTP testing session as if from host 24.128.69.142
	**** Not for real!

	>>> host in host_lookup? yes (*)
	>>> looking up host name for 24.128.69.142
	>>> IP address lookup yielded h0002557aff3d.ne.client2.attbi.com
	>>> host in host_reject? no (option unset)
	>>> host in host_reject_recipients? no (option unset)
	>>> host in auth_hosts? no (option unset)
	>>> host in sender_unqualified_hosts? no (option unset)
	>>> host in receiver_unqualified_hosts? no (option unset)
	>>> host in helo_verify? no (option unset)
	>>> host in helo_accept_junk_hosts? no (option unset)
	220 server ESMTP Exim 3.35 #1 Thu, 30 Jan 2003 13:43:20 -0600

> ## exim.conf
> plain:
>     driver = plaintext
>     public_name = PLAIN
> # AUTH PLAIN data is authzid NUL authcid NUL password: $1 is the (usually
> # empty) authorization id, so the user arrives in $2 and the password in $3
>     server_condition = "${if crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{/etc/exim/passwd}{$value}{*:*}}}}}{1}{0}}"
>     server_set_id = $2

tried this (uncommented it in the config file :) and using the
"\0user\0password" (base64 encrypted as mentioned in the manual)
it decrypts properly and shows up in strings 2 and 3:

	AUTH plain [base-64-stuff-went-here]
	>>> plain authenticator:
	>>>   $1 = 
	>>>   $2 = [username-was-here]
	>>>   $3 = [password-was-here]
	>>> expanded string: 0
	535 Incorrect authentication data

i try it without the leading \0 to see if that's the trouble:

	AUTH plain [base-64-stuff]
	>>> plain authenticator:
	>>>   $1 = [username]
	>>>   $2 = [password]
	>>> expanded string: 0
	535 Incorrect authentication data

now it's strings 1 and 2, but still no luck.

> First it allows exim to advertise "AUTH PLAIN" in response to
> an EHLO command.  Secondly, it takes the user/pass pair from
> the client and looks it up in the file /etc/exim/passwd.  The
> file should look like
>     user:crypted-password

i tried it both "user:crypted-passwd" and "user:plaintext". still
no cigar.

> An alternative to using exim's own lookup and crypt
> capabilities is to defer to pam.
>
> ## exim.conf
> plain:
>     driver = plaintext
>     public_name = PLAIN
> # $1 is the usually empty authorization id; user is $2, password is $3
>     server_condition = ${if pam{$2:${sg{$3}{:}{::}}}{yes}{no}}
>     server_set_id = $2
>
> Then configure pam in /etc/pam.d/exim.  One way of doing that,
> to duplicate the above authenticator, is like this :
>
> ## /etc/pam.d/exim
> # Note: exim requires an account as well as auth!
> account required    pam_permit.so
> auth    required    pam_pwdfile.so pwdfile /etc/exim/passwd

results for this looked EXACTLY like that for the above.
(in a word, poopy.)

the logs aren't helping much, either...

2003-01-30 14:04:41 refused relay (host) to <will@midwestrepo.com> from <will@serensoft.com> H=gate (duo.lan) [192.168.0.5]

i disabled my local lan at exim's host_accept_relay to force
internal-source (outbound) email to do the authentication as
well, for testing:

	#host_accept_relay = 127.0.0.1 : ::::1 : 192.168.1.1/24 : 192.168.0.1/24
	host_accept_relay = 127.0.0.1 : ::::1

now the only email i can send out is that which i generate
directly from the server itself.

maybe there's another config somewhere that's occluding this?

> Another alternative is to use the CRAM-MD5 authentication
> method.  That, however, requires the password file to store the
> password in plain text.  (note: pam can't work with cram-md5
> because pam doesn't provide the cleartext password for use in
> generating the md5 challenge string)
>
> cram_md5:
>     driver = cram_md5
>     public_name = CRAM-MD5
>     server_secret = ${lookup{$1}lsearch{/etc/exim/passwd}{$value}fail}
>     server_set_id = $1

this looks no more promising. i haven't even tried it (not having
a clue what i'm doing wrong with the simpler ones, i'm not gonna
head to the deep end of the pool any time soon).

go ahead, whap me with the clue stick. :(

===

i tried making clear that this is a local user, didn't i? he's
just connecting from Way Out There so that he can smtp mail FROM
serensoft.com to his targets, using the email client on his
laptop, which is five states away. (this is relaying, right?)

-- 
I use Debian/GNU Linux version 3.0;
Linux server 2.4.20-k6 #1 Mon Jan 13 23:49:14 EST 2003 i586 unknown
 
DEBIAN NEWBIE TIP #38 from Alvin Oga <aoga@Mail.Linux-Consulting.com>
:
Curious about your NETWORK TRAFFIC? There's a whole bunch of
ways to monitor it: iptraf, showtraf, netwatch, tcpview, statnet,
or even
	tcpdump | grep 'what you want to see'
	lsof -i | grep 'LISTEN'
For network statistics try "mrtg". See the ethernet section
over at http://www.Linux-Sec.net/

Also see http://newbieDoc.sourceForge.net/ ...
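To make the field mapping concrete, here is an added example (mine, not code from the post and not Exim itself) that models in Python the checks behind the three authenticators quoted in this thread: the NUL-split of the AUTH PLAIN argument into $1/$2/$3, the lsearch lookup in /etc/exim/passwd, and the CRAM-MD5 exchange from both ends. The passwd contents, the user names, the challenge string and every function name are made up for the example. Because the CRAM-MD5 option on the page already requires the file to hold the secret in clear, the PLAIN check here compares the clear-text secret directly; Exim's crypteq/crypt(3) comparison is not modelled. The function keyed on $1/$2 reproduces the symptom in the transcript above: with a normal client the authorization id is empty, so the lookup key is '' and every login draws a 535.

```python
"""Model of the checks behind the three Exim 3 authenticators quoted in the
thread: the NUL-split of AUTH PLAIN data into $1/$2/$3, the lsearch lookup in
/etc/exim/passwd, and the CRAM-MD5 challenge/response. Added example only; it
is not code from the post and not Exim itself."""
import base64
import hashlib
import hmac

# Constructed stand-in for /etc/exim/passwd, one "user:secret" per line. The
# secret is stored in clear, which is what the CRAM-MD5 option on the page
# requires; Exim's crypteq/crypt(3) check for PLAIN is not modelled here.
PASSWD_FILE = """\
# lines starting with '#' and blank lines are skipped
will:correct horse battery
alice:s3cret
"""


def lsearch(key, text=PASSWD_FILE):
    """Exim-style lsearch: value of the first line whose key (before the first
    ':') equals `key`, or None when there is no such line (the {fail} case)."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        k, _, value = line.partition(':')
        if k == key:
            return value
    return None


def make_plain_line(user, password, authzid=''):
    """What a mail client sends: AUTH PLAIN base64(authzid NUL user NUL password).
    Most clients leave authzid empty, hence the leading NUL."""
    data = b'\x00'.join(s.encode('utf-8') for s in (authzid, user, password))
    return 'AUTH PLAIN ' + base64.b64encode(data).decode('ascii')


def split_plain(auth_line):
    """Decode the client's AUTH PLAIN argument into the numbered variables the
    plaintext driver exposes: $1 = authorization id, $2 = user, $3 = password."""
    words = auth_line.split()
    if len(words) != 3 or words[0].upper() != 'AUTH' or words[1].upper() != 'PLAIN':
        raise ValueError('expected "AUTH PLAIN <base64>"')
    parts = base64.b64decode(words[2]).split(b'\x00')
    if len(parts) != 3:
        raise ValueError('PLAIN data must be authzid NUL authcid NUL password')
    return {'$1': parts[0].decode('utf-8'),
            '$2': parts[1].decode('utf-8'),
            '$3': parts[2].decode('utf-8')}


def plain_ok(auth_line, passwd=PASSWD_FILE):
    """server_condition for PLAIN keyed on $2/$3: returns the id to set with
    server_set_id on success, None on failure (Exim then answers 535)."""
    v = split_plain(auth_line)
    stored = lsearch(v['$2'], passwd)
    if stored is None:
        return None
    return v['$2'] if hmac.compare_digest(stored.encode(), v['$3'].encode()) else None


def plain_ok_keyed_on_1_and_2(auth_line, passwd=PASSWD_FILE):
    """The same condition keyed on $1/$2: for a normal client $1 is the empty
    authorization id, so the lookup key is '' and every login fails, which is
    the symptom in the thread."""
    v = split_plain(auth_line)
    stored = lsearch(v['$1'], passwd)
    if stored is None:
        return None
    return v['$1'] if hmac.compare_digest(stored.encode(), v['$2'].encode()) else None


def cram_md5_challenge(pid=4242, ts=1043957081, host='server'):
    """Constructed server challenge in the usual <pid.timestamp@host> shape."""
    return f'<{pid}.{ts}@{host}>'


def cram_md5_client(challenge, user, secret):
    """Client side: base64("user SP hex(HMAC-MD5(secret, challenge))")."""
    digest = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f'{user} {digest}'.encode()).decode('ascii')


def cram_md5_ok(challenge, response_b64, passwd=PASSWD_FILE):
    """Server side: $1 is the user, server_secret is the lsearch of $1 (fail if
    absent); recompute the HMAC with the stored clear-text secret and compare."""
    user, _, digest = base64.b64decode(response_b64).decode('utf-8').partition(' ')
    secret = lsearch(user, passwd)
    if secret is None:
        return None
    expected = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return user if hmac.compare_digest(expected, digest) else None


if __name__ == '__main__':
    line = make_plain_line('will', 'correct horse battery')
    print(line)
    print(split_plain(line))                # $1 empty, $2 'will', $3 the password
    print(plain_ok(line))                   # will
    print(plain_ok_keyed_on_1_and_2(line))  # None: lookup of '' finds nothing
    ch = cram_md5_challenge()
    print(cram_md5_ok(ch, cram_md5_client(ch, 'will', 'correct horse battery')))  # will
```

Run it as a script to see the split; the `exim -bh` session in the thread shows the same three variables, and the condition only succeeds when it reads the user from the variable the client actually put it in.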
