Norbert Preining
2005-Jul-13 13:19 UTC
[Pkg-exim4-users] cram_md5 authentication between exim3 and exim4
Hi all!
I have a question concerning exim and cram-md5 authentication:
We have a server running exim3 (debian woody) and the following entry in
the config file
    # AUTHENTICATION CONFIGURATION
    cram:
      driver = cram_md5
      public_name = CRAM-MD5
      server_secret = ${lookup{*}lsearch{/etc/exim/clientpasswd}{$1}fail}
      server_set_id = $1
and the corresponding /etc/exim/clientpasswd file:
    gandalf:foobar
the client uses exim4 (debian sid) and the following config file
snippet:
    begin authenticators
    cram_md5:
      driver = cram_md5
      public_name = CRAM-MD5
      client_name = ${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
      client_secret = ${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
with the following entry in /etc/exim4/passwd.client:
    our.mail.server.com:gandalf:foobar
I have our.mail.server.com as smart host, but when I try to deliver an
email via this server the following happens (log from server exim):
    SMTP<< EHLO gandalf.localdomain
    set_process_info: 8606 handling incoming connection from host28-221.pool80183.interbusiness.it (gandalf.localdomain) [80.183.221.28]
    SMTP>> 250-our.mail.server.com Hello host28-221.pool80183.interbusiness.it [80.183.221.28]
    250-SIZE
    250-PIPELINING
    250-AUTH CRAM-MD5
    250 HELP
    SMTP<< AUTH CRAM-MD5
    SMTP>> 334 PDg2MDYuMTEyMTE4NTczMkBhbHBoYS5sb2dpYy50dXdpZW4uYWMuYXQ+
    SMTP>> 535 Incorrect authentication data
    LOG: 0 MAIN REJECT
So there seems to be an error in my configuration, but I cannot see
where it is. Can someone help me getting this fixed?
Best wishes and thanks a lot
Norbert
-------------------------------------------------------------------------------
Dr. Norbert Preining <preining AT logic DOT at> Università di
Siena
sip:preining@at43.tuwien.ac.at +43 (0) 59966-690018
gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
Andreas Metzler
2005-Jul-13 15:23 UTC
[Pkg-exim4-users] cram_md5 authentication between exim3 and exim4
On 2005-07-13 Norbert Preining <preining@logic.at> wrote:
[...]
> with the following entry in /etc/exim4/passwd.client:
> our.mail.server.com:gandalf:foobar
[...]
> So there seems to be an error in my configuration, but I cannot see
> where it is. Can someone help me getting this fixed?

Is 'our.mail.server' a CNAME? Have you tried to find out whether the
problem is on the server or on the server-side, for example by using
swaks?

cu andreas
Norbert Preining
2005-Jul-13 15:45 UTC
[Pkg-exim4-users] cram_md5 authentication between exim3 and exim4
On Wed, 13 Jul 2005, Andreas Metzler wrote:
> On 2005-07-13 Norbert Preining <preining@logic.at> wrote:
> [...]
> > with the following entry in /etc/exim4/passwd.client:
> > our.mail.server.com:gandalf:foobar
> [...]
> > So there seems to be an error in my configuration, but I cannot see
> > where it is. Can someone help me getting this fixed?
>
> Is 'our.mail.server' a CNAME? Have you tried to find out whether the

our.mail.server.com is of course not the real name, but the name as used
as smarthost entry and it is the canonic name for the ip address.

> problem is on the server or on the server-side, for example by using
> swaks?

Umpf, what is swaks, I will search for it.

Best wishes
Norbert
Norbert Preining
2005-Jul-13 16:09 UTC
[Pkg-exim4-users] cram_md5 authentication between exim3 and exim4
On Wed, 13 Jul 2005, Norbert Preining wrote:
> our.mail.server.com is of course not the real name, but the name as used
> as smarthost entry and it is the canonic name for the ip address.
>
> > problem is on the server or on the server-side, for example by using
> > swaks?
>
> Umpf, what is swaks, I will search for it.

Ok, here a run with swaks from the client to the server:

    ./swaks --auth CRAM-MD5 --server our.mail.server.com --auth-user username --auth-password password
    To: preining@gmail.com
    === Trying our.mail.server.com:25...
    === Connected to our.mail.server.com.
    <- 220 our.mail.server.com ESMTP Exim 3.35 #1 Wed, 13 Jul 2005 17:53:56 +0200
    -> EHLO gandalf.localdomain
    <- 250-our.mail.server.com Hello norbert at host196-222.pool8175.interbusiness.it [81.75.222.196]
    <- 250-SIZE
    <- 250-PIPELINING
    <- 250-AUTH CRAM-MD5
    <- 250 HELP
    -> AUTH CRAM-MD5
    <- 334 PDE0OTU1LjExMjEyNzAwMzdAYWxwaGEubG9naWMudHV3aWVuLmFjLmF0Pg=
    -> Z2FuZGFsZiA2ZDcxNDUxNzFhZTY2MTYxNzFlZGMwMGQ1YjgxZGFmNQ=
    <** 535 Incorrect authentication data
    *** No authentication type succeeded
    -> QUIT
    <- 221 our.mail.server.com closing connection
    === Connection closed by foreign host.

Which does not give me more information.

Best wishes
Norbert
Andreas Metzler
2005-Jul-13 16:24 UTC
[Pkg-exim4-users] cram_md5 authentication between exim3 and exim4
On 2005-07-13 Norbert Preining <preining@logic.at> wrote:
[...]
> Ok, here a run with swaks from the client to the server:
> ./swaks --auth CRAM-MD5 --server our.mail.server.com --auth-user username --auth-password password
> To: preining@gmail.com
[...]
> -> AUTH CRAM-MD5
> <- 334 PDE0OTU1LjExMjEyNzAwMzdAYWxwaGEubG9naWMudHV3aWVuLmFjLmF0Pg=
> -> Z2FuZGFsZiA2ZDcxNDUxNzFhZTY2MTYxNzFlZGMwMGQ1YjgxZGFmNQ=
> <** 535 Incorrect authentication data
> *** No authentication type succeeded
> -> QUIT
> <- 221 our.mail.server.com closing connection
> === Connection closed by foreign host.
>
> Which does not give me more information.

Well, it tells you the problem is on the server-side ...

cu andreas
Norbert Preining
2005-Jul-13 16:35 UTC
[Pkg-exim4-users] cram_md5 authentication between exim3 and exim4
On Wed, 13 Jul 2005, Andreas Metzler wrote:
> Well, it tells you the the problem is on the server-side ...

Ok, my first step was to get a fixed username/secret pair:

    cram:
      driver = cram_md5
      public_name = CRAM-MD5
      server_secret = ${if eq{$1}{username}{password}fail}
      server_set_id = $1

And then called swaks:

    $ ./swaks --auth CRAM-MD5 --server our.mail.server.com --auth-user username --auth-password password

and it worked, at least. (Ok, not totally, relaying is still not
permitted, but this is the next step!)

So why does this not look up the right thing:

    cram:
      driver = cram_md5
      public_name = CRAM-MD5
      server_secret = ${lookup{*}lsearch{/etc/exim/clientpasswd}{$1}fail}
      server_set_id = $1

Best wishes
Norbert
Andreas Metzler
2005-Jul-13 16:36 UTC
[Pkg-exim4-users] cram_md5 authentication between exim3 and exim4
On 2005-07-13 Norbert Preining <preining@logic.at> wrote:
> I have a question concerning exim and cram-md5 authentication:
>
> We have a server running exim3 (debian woody) and the following entry in
> the config file
>     # AUTHENTICATION CONFIGURATION
>     cram:
>       driver = cram_md5
>       public_name = CRAM-MD5
>       server_secret = ${lookup{*}lsearch{/etc/exim/clientpasswd}{$1}fail}
>       server_set_id = $1
>
> and the corresponding /etc/exim/clientpasswd file:
>     gandalf:foobar

That is broken. You are looking up a literal "*" in clientpasswd and
returning $1 on success. You need to lookup the given username (as
present in variable $1) and return the value keyed to this entry
instead.

This might do what you want to:

    cram:
      driver = cram_md5
      public_name = CRAM-MD5
      server_secret = ${lookup{$1}lsearch{/etc/exim/clientpasswd}{$value}fail}
      server_set_id = $1

cu and- Finnish sun makes me slow -reas
Norbert Preining
2005-Jul-13 16:41 UTC
[Pkg-exim4-users] cram_md5 authentication between exim3 and exim4
On Wed, 13 Jul 2005, Norbert Preining wrote:
> So why does this not look up the right thing:
>   server_secret = ${lookup{*}lsearch{/etc/exim/clientpasswd}{$1}fail}

because it should be

    server_secret = ${lookup{$1}lsearch{/etc/exim/clientpasswd}{$value}fail}

Stupid me, where did I copy this from?

Thanks for helping!

Best wishes
Norbert
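
Added example, not part of any post in the thread: a Python model of the server-side CRAM-MD5 check, showing why the original `server_secret` line ends in 535 and the corrected one succeeds. `lsearch` here is a simplified stand-in for Exim's lookup, and the challenge string and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample data: same shape as the thread's /etc/exim/clientpasswd.
CLIENTPASSWD = "gandalf:foobar\n"
# Constructed challenge; a real server sends a fresh one per AUTH attempt.
CHALLENGE_B64 = base64.b64encode(b"<1234.1121270037@mail.example.org>").decode()

def lsearch(key, text):
    """Simplified model of a plain lsearch: data of the first line keyed `key`."""
    for line in text.splitlines():
        k, sep, data = line.partition(":")
        if sep and k.strip() == key:
            return data.strip()
    return None  # corresponds to the lookup failing

def secret_broken(user, text=CLIENTPASSWD):
    # ${lookup{*}lsearch{FILE}{$1}fail}: key is the literal "*", result is $1.
    return user if lsearch("*", text) is not None else None

def secret_fixed(user, text=CLIENTPASSWD):
    # ${lookup{$1}lsearch{FILE}{$value}fail}: key is the user, result is the data.
    return lsearch(user, text)

def client_response(user, secret, challenge_b64):
    """What a CRAM-MD5 client sends after the 334 line (RFC 2195)."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def server_accepts(response_b64, challenge_b64, secret_for):
    """True for 235, False for 535 'Incorrect authentication data'."""
    user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    secret = secret_for(user)  # user is what the config sees as $1
    if secret is None:  # expansion hit "fail"
        return False
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

if __name__ == "__main__":
    resp = client_response("gandalf", "foobar", CHALLENGE_B64)
    print("broken config:", server_accepts(resp, CHALLENGE_B64, secret_broken))
    print("fixed config: ", server_accepts(resp, CHALLENGE_B64, secret_fixed))
```

In this model the original line fails closed only because the file has no `*` key; if such a key were present, the expansion would yield the supplied user name as the shared secret, so the line should be corrected rather than worked around.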