Bug#742901: exim4 didn't send authentication: fixed

David Lawyer dave at lafn.org
Fri Apr 4 21:36:38 UTC 2014 

> On 2014-03-28 David Lawyer <dave at lafn.org> wrote:
> > Package: exim4_4.82-5_all
> > Version: 4.82-5
> 
> > I have 4 exim4 packages installed for each version.  When I updated
> > exim4 from 4.80-4 to 4.82-5, exim broke since it would not output
> > email to my smart-host.  The logs said that the smart-host said
> > "Relaying denied.  Proper authentication required."  I wrote a test
> > script which ran exim with -d (debug) for both versions (4.80 and
> > 4.82).  The debug output is attached as a wdiff file showing the
> > difference between the output for 4.80 and 4.82.
> 
> > What is observed from looking at this debug output is: After my exim
> > and the smart-host (server) agree on "using PIPELINING" both
> > versions of exim find my name and password.  But next they do
> > "scanning authentication mechanisms" quite differently.  4.80 looks
> > up my password twice more (wasted effort since my password has
> > already been found).  It then sends authentication to the server by
> > SMTP>> AUTH PLAIN *****..** and the server responds "OK
> > Authenticated".  Then the header FROM: TO: and DATA is sent to the
> > sever.
> 
> > But 4.82 just skips any authentication and sends FROM: TO: and DATA
> > to the server OK.  The server say the sender is OK but then after
> > repeating the TO: address says "Relaying denied.  Proper
> > authentication required."  It's obvious this is happening because of
> > the failure of 4.82 to send any authentication to the server.
> [...]

I've fixed it.  What was wrong was not in exim but in the the /etc/exim4/exim4.conf.template file.  I first searched for the tls_out_cipher variable in this file and couldn't find it.  So I reinstalled the new version 4.82 (by "aptitude exim" and still couldn't find it since the installation failed to update this conf. file (and didn't even ask me if I wanted to update it).  Then I found out that there is an exim4.config package so I installed it and the bug is fixed: My outgoing exim now works OK (for 4.82) so I assume that authentication also is OK.  And the template file now contains tls_out-cipher and not tls_cipher.

But there still remains the bug of using aptitude to install the latest version of exim but not getting the configuration updated.  Shouldn't a late version of exim.conf be a dependency of another exim4 package?  I haven't checked package dependencies but there may be an error here (or in aptitude).  Could you check on this?
s
On Sat, Mar 29, 2014 at 06:34:01PM +0100, Andreas Metzler wrote:
> 
> Hello David,
> 
> thank you for the extensive info. The only relevant thing on the
> configuration side that changed is this:
> -----------
>  <   client_send = "<; ${if !eq{$tls_cipher}{}\
>  >   client_send = "<; ${if !eq{$tls_out_cipher}{}\
> -----------
> This should show up if "-d+auth+expand" is used instead of a simple
> "-d". - Could you please doublecheck that $tls_out_cipher expands to
> an empty value?
> 
> I think there is indeed a problem with $tls_out_cipher (See
> <http://bugs.exim.org/show_bug.cgi?id=1455>), as a workaround you can
> edit the plain and login authenticator and replace tls_out_cipher with
> tls_cipher for the time being.
> 
> Your wdiff-file included login info in the lookup results. I assume
> you realized this and replaced the actual password with a dummy one
> before posting.
> 
> cu Andreas
> -- 
> 
			David Lawyer

More information about the Pkg-exim4-maintainers mailing list