Bug#736081: Won't authenticate over STARTTLS without AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
Juliusz Chroboczek
jch at pps.univ-paris-diderot.fr
Sun Jan 19 15:11:26 UTC 2014
Package: exim4-daemon-light
Version: 4.82-3
Smarthost requires STARTTLS and PLAIN login -- therefore the
connection is authenticated. A default install refuses to authenticate:
SMTP>> STARTTLS
SMTP<< 220 2.0.0 Ready to start TLS
SMTP>> EHLO x.x.x.x
SMTP<< 250-x.x.x.x
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[...]
x.x.x.x in hosts_require_auth? no (option unset)
search_open: nwildlsearch "/etc/exim4/passwd.client"
search_find: file="/etc/exim4/passwd.client"
key="x.x.x.x" partial=-1 affix=NULL starflags=0
[...]
x.x.x.x in "*.x.x"? yes (matched "*.x.x")
lookup yielded: x:x
[...]
SMTP>> MAIL FROM:<> SIZE=2447
SMTP>> RCPT TO:<jch at x.x.x>
SMTP>> DATA
[...]
SMTP<< 250 2.1.0 Ok
SMTP<< 554 5.7.1 <unknown[x.x.x.x]>: Client host rejected: Access denied
SMTP<< 554 5.5.1 Error: no valid recipients
If I add ``AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS = true'' to the exim
configuration, everything works fine:
SMTP>> STARTTLS
SMTP<< 220 2.0.0 Ready to start TLS
SMTP>> EHLO x.x.x.x
SMTP<< 250-x.x.x.x
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
SMTP>> AUTH PLAIN ********************
SMTP<< 235 2.7.0 Authentication successful
However, this should not be needed, since the connection is protected
by TLS.
-- Juliusz
More information about the Pkg-exim4-maintainers
mailing list