Bug#314184: exim4-config: Missing macro for SMTP smarthosts which require AUTH but do not provide encrypted connection.
Marc Haber
Marc Haber <mh+debian-packages@zugschlus.de>, 314184@bugs.debian.org
Wed, 15 Jun 2005 07:25:20 +0200
hi,
On Wed, Jun 15, 2005 at 12:55:51AM -0400, Matej Cepl wrote:
> Many free SMTP servers require authentication (which is IMHO
> a very good thing), but do not provide an encrypted connection (which
> is not that good, but what could I do?). Exim4 provides for this
> purpose the configuration macro AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
> (which is not documented at all),
It is documented in 30_exim4-config-examples, which is where it is used.
> but it is not used in
> transport/30_exim4-config_remote_smtp_smarthost, which breaks
> the delivery.
Please document how it does break delivery.
> Please, consider applying the attached patch (or
> creating a better solution).
The attached patch won't hold. You need to modify the files for split
config as they are the authoritative source for exim4.conf.template.
> --- exim4.conf.template 2005/06/15 04:15:48 1.3
> +++ exim4.conf.template 2005/06/15 04:48:34
> @@ -1357,8 +1357,11 @@
> remote_smtp_smarthost:
> debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
> driver = smtp
> - #MC#hosts_try_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}
> - hosts_require_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}
> + .ifdef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
> + hosts_require_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}
> + .else
> + hosts_try_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}
> + .endif
> tls_tempfail_tryclear = false
> DEBCONFheaders_rewriteDEBCONF
> DEBCONFreturn_pathDEBCONF
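Review bot: the .else branch changes the default for every installation that does not define AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS from hosts_require_auth to hosts_try_auth, so a failed authentication no longer defers delivery and the transport goes on to attempt an unauthenticated transfer. The .ifdef itself only selects between requiring and trying authentication; none of the added lines affects whether the password is sent over an unencrypted connection, which is what the macro name refers to, and tls_tempfail_tryclear = false is left unchanged. Suggest keeping hosts_require_auth unconditional here and putting the macro test on the setting that actually decides whether credentials may be offered without TLS. The removed "#MC#hosts_try_auth" line also looks like a local annotation in the reference file, so the hunk should be regenerated against the unmodified packaged file.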
The patch won't apply since your reference file was changed from the
package.
I also don't see what the difference between hosts_require_auth and
hosts_try_auth will do with regard to unencrypted passwords. The
difference is that hosts_require_auth will defer delivery with a
temporary error if authentication fails (breaking delivery for
smarthosts which do not require authentication), while hosts_try_auth
will then try to transfer unauthenticated, which will probably yield a
permanent error in the case the smarthost requires auth. This doesn't
have anything to do with encryption.
Please substantiate your proposal.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835