Mailing List Archive

Re (2): Configuring exim to use an non-TLS connection to port 587.
From: Jeremy Harris via Exim-users <exim-users@exim.org>
Date: Tue, 11 Apr 2023 18:56:10 +0100
> 20:33:41 1656 158.69.159.172 in hosts_require_auth? no (option
> unset)
>
> - which seems bogus given your provider's need for login/password
> authentication

The Debian configurator asked for a domain name or IP address for the
smarthost. I gave IP address 158.69.159.172. Later a comment in the
debian-user list motivated reverting to the domain name. Will see
the result when I test again.

> 20:33:41 1656 failed to expand "<; ${if
> exists{/etc/exim4/passwd.client}

$ ls -ld /etc/exim4/pass*
-rw-r----- 1 root Debian-exim 234 Apr 9 21:31 /etc/exim4/passwd.client

Also mentioned in https://wiki.debian.org/Exim4Gmail under heading
"Verification of the Configuration and Troubleshooting". As hinted
there, applied "chmod 640 /etc/exim4/passwd.client".

Will test again later.

Thanks, ... P.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re (2): Configuring exim to use an non-TLS connection to port 587.
From: Graeme Fowler via Exim-users <exim-users@exim.org>
Date: Tue, 11 Apr 2023 18:44:22 +0100
> ... problem is on your filesystem rather than on-the-wire.

Another helpful tip is in https://wiki.debian.org/Exim4Gmail.
/etc/exim4/passwd.client had permissions 600. Now 640.

$ ls -ld /etc/exim4/passwd.client
-rw-r----- 1 root Debian-exim 249 Apr 12 06:35 /etc/exim4/passwd.client

Then created a fresh debug output which is here.
http://easthope.ca/ex1

It has these lines.
08:33:42 4098 internal_search_find: file="/etc/exim4/passwd.client"
08:33:42 4098 type=nwildlsearch key="easthope.ca" opts=NULL
08:33:42 4098 file lookup required for easthope.ca
08:33:42 4098 in /etc/exim4/passwd.client
08:33:42 4098 easthope.ca in "mail.easthope.ca"? no (end of list)
08:33:42 4098 lookup failed

/etc/exim4/passwd.client can be read by Debian-exim and has only
one active line beginning with mail.easthope.ca. This is the same
snag as mentioned by Jeremy, Tue, 11 Apr 2023 18:56:10 +0100?
"- they presented a server certificate that we don't like; specifically,
the list of systems that are supposed to use the cert did not include
the name we think the server has (the one we made a TCP connection to)."

A little further down.
08:33:43 4098 SMTP(closed)<<
08:33:43 4098 Remote host closed connection in response to pipelined DATA

The smarthost refused to continue the conversation?

Command options are explained fairly well. I'm not clear about the
command and argument.
exim -d+all -odf peter@easthope.ca ...

Exim is invoked to send a test message to peter@easthope.ca?
Similar to the Swaks autocreated test message?
Exim attempts to send the messages in the spool addressed to peter?

Yes, I opened
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html
Under heading "1. Setting options by program name" are five cases not
including exim.

Thanks, ... P.


Re: Re (2): Configuring exim to use an non-TLS connection to port 587.
On 12/04/2023 18:51, Peter via Exim-users wrote:
> It has these lines.


08:33:42 4098 /considering: ${lookup{$host}nwildlsearch{/etc/exim4/passwd.client}{$host_address}}}{} }

we're doing a string expansion, which will request a lookup...

08:33:42 4098 /considering: $host}nwildlsearch{/etc/exim4/passwd.client}{$host_address}}}{} }
08:33:42 4098 |--expanding: $host
08:33:42 4098 \_____result: easthope.ca

the key we're looking up is the destination host for the transport, "easthope.ca"

08:33:42 4098 /considering: /etc/exim4/passwd.client}{$host_address}}}{} }
08:33:42 4098 |--expanding: /etc/exim4/passwd.client
08:33:42 4098 \_____result: /etc/exim4/passwd.client

this is the DB we're to do the lookup in

08:33:42 4098 search_open: nwildlsearch "/etc/exim4/passwd.client"
08:33:42 4098 search_find: file="/etc/exim4/passwd.client"
08:33:42 4098 key="easthope.ca" partial=-1 affix=NULL starflags=0 opts=NULL
08:33:42 4098 LRU list:
08:33:42 4098 :/etc/exim4/passwd.client
08:33:42 4098 End
08:33:42 4098 internal_search_find: file="/etc/exim4/passwd.client"
08:33:42 4098 type=nwildlsearch key="easthope.ca" opts=NULL
08:33:42 4098 file lookup required for easthope.ca
08:33:42 4098 in /etc/exim4/passwd.client
08:33:42 4098 easthope.ca in "mail.easthope.ca"? no (end of list)
08:33:42 4098 lookup failed

... and no, it isn't there.

> /etc/exim4/passwd.client can be read by Debian-exim and has only
> one active line beginning with mail.easthope.ca.

... sounds like that's the right answer, given the file content.

> A little further down.
> 08:33:43  4098   SMTP(closed)<<
> 08:33:43  4098 Remote host closed connection in response to pipelined DATA
>
> The smarthost refused to continue the conversation?

Correct. Before that close from it, we see:

08:33:43 4098 sync_responses expect rcpt
08:33:43 4098 SMTP<< 550 SMTP AUTH is required for message submission on port 587

meaning: we wanted its response to a "RCPT" command we sent it,
and that response was an error code (the 550 value) along with
a comment for humans "SMTP AUTH is required for message submission on port 587".

So we didn't manage to authenticate ourselves to them. In fact, we
didn't even try, probably because that lookup didn't find a match for that
key.
--
Cheers,
Jeremy


Re: Re (2): Configuring exim to use an non-TLS connection to port 587.
On Wed, 12 Apr 2023, Peter via Exim-users wrote:

> From: Graeme Fowler via Exim-users <exim-users@exim.org>
> Date: Tue, 11 Apr 2023 18:44:22 +0100
>> ... problem is on your filesystem rather than on-the-wire.
>
> Another helpful tip is in https://wiki.debian.org/Exim4Gmail.
> /etc/exim4/passwd.client had permissions 600. Now 640.
>
> $ ls -ld /etc/exim4/passwd.client
> -rw-r----- 1 root Debian-exim 249 Apr 12 06:35 /etc/exim4/passwd.client
>
> Then created a fresh debug output which is here.
> http://easthope.ca/ex1
>
> It has these lines.
> 08:33:42 4098 internal_search_find: file="/etc/exim4/passwd.client"
> 08:33:42 4098 type=nwildlsearch key="easthope.ca" opts=NULL
> 08:33:42 4098 file lookup required for easthope.ca
> 08:33:42 4098 in /etc/exim4/passwd.client
> 08:33:42 4098 easthope.ca in "mail.easthope.ca"? no (end of list)
> 08:33:42 4098 lookup failed
>
> /etc/exim4/passwd.client can be read by Debian-exim and has only
> one active line beginning with mail.easthope.ca. This is the same
> snag as mentioned by Jeremy, Tue, 11 Apr 2023 18:56:10 +0100?
> "- they presented a server certificate that we don't like; specifically,
> the list of systems that are supposed to use the cert did not include
> the name we think the server has (the one we made a TCP connection to)."

Jeremy's last message mentioned that this failure was correct given
the content of /etc/exim4/passwd.client.
I think that means you need a line for easthope.ca in
/etc/exim4/passwd.client - a line for mail.easthope.ca is not the same
thing.

---
I am concerned about this line:
08:33:42 4098 158.69.159.172 in hosts_require_auth? no (option unset)

I think your smtp transport needs a line something like
hosts_require_auth = *
or
hosts_require_auth = hornby.islandhosting.com

(since 158.69.159.172 is hornby.islandhosting.com).

**BUT** do not do this until tls is working, otherwise you will ******
******* send your password across the internet in plain text. ******

IIRC you want to force TLS on this connection. If so you should also have
hosts_require_tls = hornby.islandhosting.com



> A little further down.
> 08:33:43 4098 SMTP(closed)<<
> 08:33:43 4098 Remote host closed connection in response to pipelined DATA
>
> The smarthost refused to continue the conversation?
>
> Command options are explained fairly well. I'm not clear about the
> command and argument.
> exim -d+all -odf peter@easthope.ca ...
>
> Exim is invoked to send a test message to peter@easthope.ca?
> Similar to the Swaks autocreated test message?
> Exim attempts to send the messages in the spool addressed to peter?
>
> Yes, I opened
> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html
> Under heading "1. Setting options by program name" are five cases not
> including exim.
>
> Thanks, ... P.
>

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk
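
The lookup failure in Jeremy's trace and Andrew's remark that a line for mail.easthope.ca is not a line for easthope.ca, modelled as an added example (not part of the thread and not Exim's own code). It is a simplified Python model of nwildlsearch key matching: the file content, login and secret are constructed, the function names are hypothetical, and quoted keys and embedded lookups are not modelled.

```python
import re
import stat

# Constructed passwd.client content (Debian format: pattern:login:password).
SAMPLE = """\
# password file used when the local exim is authenticating to a remote host
mail.easthope.ca:peter:constructed-secret
"""

def parse_entries(text):
    """Return (pattern, login) pairs; comments and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 2)
        if len(fields) == 3:          # the password field is deliberately dropped
            entries.append((fields[0].strip(), fields[1].strip()))
    return entries

def key_matches(pattern, key):
    """Simplified rule: ^regex, leading * means 'ends with', else literal."""
    if pattern.startswith("^"):
        return re.search(pattern, key, re.IGNORECASE) is not None
    if pattern.startswith("*"):
        return key.lower().endswith(pattern[1:].lower())
    return key.lower() == pattern.lower()

def lookup(text, key):
    """Return the first (pattern, login) whose pattern matches key, or None."""
    for pattern, login in parse_entries(text):
        if key_matches(pattern, key):
            return pattern, login
    return None

def world_accessible(mode):
    """True if 'other' has any permission bit on the credentials file."""
    return bool(stat.S_IMODE(mode) & 0o007)

if __name__ == "__main__":
    for host in ("easthope.ca", "mail.easthope.ca"):
        print(host, "->", lookup(SAMPLE, host))
    # A suffix pattern that keeps the dot still misses the bare domain.
    print(lookup("*.easthope.ca:peter:x\n", "easthope.ca"))
    print(world_accessible(0o100640), world_accessible(0o100644))
```

The key is whatever name the transport connects to, so the pattern has to match that name exactly or by suffix. A narrow pattern also limits which hosts the credentials are ever offered to.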