Bug#323565: exim4-config: smarthost always tries to authenticate if
AUTH is advertised
Andreas Metzler
ametzler at downhill.at.eu.org
Fri Aug 19 18:19:03 UTC 2005
On 2005-08-18 Marc Haber <mh+debian-packages at zugschlus.de> wrote:
> On Thu, Aug 18, 2005 at 07:34:16PM +0200, Andreas Metzler wrote:
>> Well. Depends on what you consider "try to authenticate" to be. exim4
>> will walk through the common set of remotely advertised and locally
>> defined authenticators. - When "running" the authenticators it will
>> try to lookup first the key "hostname of smarthost" and after that fails
>> "*" in CONFDIR/passwd.client.
>> With the default CONFDIR/passwd.client both lookups will fail, and the
>> authenticators will stop being executed. And exim4 will not send any
>> AUTH command but will simply try sending unauthenticated.
[...]
> Have $remote offer LOGIN and run the connection over TLS.
Ah, beloved LOGIN.
This patch fixes this, by forcing failure early enough if the
lookup for $host either fails or returns an empty string.
It works for me, i.e. AUTH LOGIN still works afterwards and the
useless AUTH is not sent anymore.
-------------------
--- /etc/exim4/exim4.conf.template 2005-06-28 20:06:51.000000000 +0200
+++ exim4.conf.template 2005-08-19 20:10:57.650453912 +0200
@@ -1692,7 +1692,11 @@
driver = plaintext
public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
- client_send = "${if !eq{$tls_cipher}{}{}fail}\
+ client_send = "${if and{\
+ {!eq{$tls_cipher}{}}\
+ {!eq{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}{}}\
+ }\
+ {}fail}\
: ${extract{1}{::}\
{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
: ${extract{2}{::}\
-------------------
a similar change will go into the .else clause, but I am too lazy for
that now.
cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
http://downhill.aus.cc/
More information about the Pkg-exim4-maintainers
mailing list