Pkg exim4 users - Feb 2006 - smtp client authentication

Can someone tell me what I''m doing wrong?

I''m trying to set up exim4 on a Debian Sarge system to send e-mail to
my
ISP using my normal credentials. So far everything I''ve tried still 
results in the exim log showing a 530 error when connecting. I''m trying
to connect to a Rogers server, so my passwd.client line is:

smtp.broadband.rogers.com:garydale@rogers.com:mypassword

This is the same authentication information I had to provide to 
Thunderbird. Just doing that didn''t work, so I also modified 
conf.d/auth/30_exim4-config_examples by uncommenting the scripts at the 
end that seem to allow smtp client authentication.

Again this didn''t work.

Reading the comments, I tried setting AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS 
but that results in an "authenticator name missing" error when I
restart
exim4.

This is the same machine that I use Thunderbird  on, so the mail can get 
through.  However, I need to send some mail from a script, I need to get 
mail or mutt to handle it. From my reading, it looks like they both need 
an MTA to handle the sending.

Any hints on how to get exim4 to do the connection?

On Fri, Feb 03, 2006 at 05:50:29PM -0500, Gary Dale
wrote:
> smtp.broadband.rogers.com:garydale@rogers.com:mypassword
smtp.broadband.rogers.com is a CNAME, so you''re most likely a victim
of #244724. The bug report has also a workaround listed.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

Marc Haber wrote:
>On Fri, Feb 03, 2006 at 05:50:29PM -0500, Gary Dale wrote:
>  
>
>>smtp.broadband.rogers.com:garydale@rogers.com:mypassword
>>    
>>
>
>smtp.broadband.rogers.com is a CNAME, so you''re most likely a
victim
>of #244724. The bug report has also a workaround listed.
>
>Greetings
>Marc
>
>  
>
Still no joy in Mudville, I''m afraid. It seems like exim4 is reaching a
server but not authenticating properly. Here is a clip from the 
exim4/mainlog:

2006-02-04 17:26:10 1F5Vr8-0004N0-Fn <= garydale@twoponder U=garydale 
P=local S=349
2006-02-04 17:26:10 1F5Vr8-0004N0-Fn ** gary@extremeground.com 
R=smarthost T=remote_smtp_smarthost: SMTP error from remote mailer after 
MAIL FROM:<garydale@rogers.com>: host smtp-rog.mail.yahoo2.akadns.net 
[206.190.36.18]: 530 authentication required - for help go to 
http://help.yahoo.com/help/us/mail/pop/pop-11.html
2006-02-04 17:26:10 1F5Vr8-0004N4-Rt <= <> R=1F5Vr8-0004N0-Fn 
U=Debian-exim P=local S=1379
2006-02-04 17:26:10 1F5Vr8-0004N0-Fn Completed
2006-02-04 17:26:11 1F5Vr8-0004N4-Rt ** garydale@twoponder R=smarthost 
T=remote_smtp_smarthost: SMTP error from remote mailer after MAIL 
FROM:<>: host smtp-rog.mail.yahoo2.akadns.net [206.190.36.18]: 530 
authentication required - for help go to 
http://help.yahoo.com/help/us/mail/pop/pop-11.html

twoponder is the name of the computer I''m sending from. 
gary@extremeground.com is a reply-to header I use on business e-mail. 
garydale@rogers.com is my e-mail account on Rogers.

Also, I''ve got several messages stuck in exim''s queue that
don''t want to
go anywhere. How do I clear them out?

On Sun, Feb 05, 2006 at 09:53:02PM -0500, Gary Dale
wrote:
> Marc Haber wrote:
> >On Fri, Feb 03, 2006 at 05:50:29PM -0500, Gary Dale wrote:
> >>smtp.broadband.rogers.com:garydale@rogers.com:mypassword
> >
> >smtp.broadband.rogers.com is a CNAME, so you''re most likely a
victim
> >of #244724. The bug report has also a workaround listed.
> >
> Still no joy in Mudville, I''m afraid. It seems like exim4 is
reaching a
> server but not authenticating properly.
What did you change to work around the issue seen in #244724?

Can you try sending a message with exim -d, to see what it tries to
find authentication data?
> Also, I''ve got several messages stuck in exim''s queue
that don''t want to
> go anywhere. How do I clear them out?
Use a combination of exiqgrep, exipick, xargs and exim -Mrm.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

[For the list archive]

On Mon, Feb 06, 2006 at 07:31:59AM +0100, Marc Haber
wrote:
> Can you try sending a message with exim -d, to see what it tries to
> find authentication data?
Gary delivered that information in private, and it showed that his
mail server doesn''t advertise STARTTLS. He had, thus, to allow his
exim to authenticate unencrypted.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

I''ve got exim4 handling sending e-mail on my home workstation (Debian 
Sarge) for test purposes. When I put it up on a small office server 
however, I ran into problems. At various times I have been getting some 
messages coming through, but right now I have nothing.

As near as I can tell, the two machines have identical exim4 setups 
except for the server and account names. The account information for 
/etc/passwd.client is taken from the SMTP settings in a working 
Thunderbird client, as is the SMTP server name.

The update-exim4.conf.conf looks to have the same basic information in 
both cases. I stepped through dpkg-reconfigure on both machines at the 
same time to ensure that I had the same values in both - just the exact 
names were changed to reflect different ISPs and local machines.

The messages that were coming through earlier were both my test messages 
and some cron job messages. An interesting note is that they were coming 
though as being from root@torfree.net, which is not the ISP I was using 
and has nothing to do with the system I''m sending them from. 
"torfree.net" is the domain I was sending the messages to, so I
suspect
this might have something to do with a misconfiguration earlier.  :)

Anyway, the immediate problem I''m having in trying to debug this is
that
every message I try to send ends showing up in the queue and logs as 
"Spool file is locked (another process is handling this message)". The
messages stay in that state until they drop out of the queue after 24 hours.

Any ideas on what is causing this, and how I do I fix it?


My /etc/exim4/passwd.client file is in the form:
*:username@eol.ca:password


My exim4 dpkg-reconfigure file is:

# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use ''dpkg-reconfigure exim4-config''

dc_eximconfig_configtype=''satellite''
dc_other_hostnames=''localhost.localdomain''
dc_local_interfaces=''127.0.0.1''
dc_readhost=''eol.ca''
dc_relay_domains=''''
dc_minimaldns=''false''
dc_relay_nets=''''
dc_smarthost=''mail.eol.ca''
CFILEMODE=''644''
dc_use_split_config=''true''
dc_hide_mailname=''true''
dc_mailname_in_oh=''true''

The other files are stock Debian/Sarge except that I defined 
AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS.

On Fri, Feb 10, 2006 at 06:20:43PM -0500, Gary Dale
wrote:
> Anyway, the immediate problem I''m having in trying to debug this
is that
> every message I try to send ends showing up in the queue and logs as 
> "Spool file is locked (another process is handling this
message)". The
> messages stay in that state until they drop out of the queue after 24
hours.
Maybe you have the usual (and yet unsolved) GnuTLS entropy issue. Has
your system enough entropy?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

Marc Haber wrote:
>On Fri, Feb 10, 2006 at 06:20:43PM -0500, Gary Dale wrote:
>  
>
>>Anyway, the immediate problem I''m having in trying to debug
this is that
>>every message I try to send ends showing up in the queue and logs as 
>>"Spool file is locked (another process is handling this
message)". The
>>messages stay in that state until they drop out of the queue after 24
hours.
>>    
>>
>
>Maybe you have the usual (and yet unsolved) GnuTLS entropy issue. Has
>your system enough entropy?
>
>Greetings
>Marc
>
>  
>
No. I''m running a 2.6.15 kernel to facilitate PPTP and this apparently 
is bad for entropy. Mine is currently reading between 2 and 50, which I 
understand is way too low.

Any suggestions?

Interesting. I guess the system found some entropy overnight because 
this morning I found a flood of pent-up messages in my in-box. Some of 
them were more than 24 hours old. I guess the good news is that I do 
have my system configured properly.

However, the delay is unacceptable. I found an entropy-generator on the 
Debian Wiki (http://wiki.debian.org/PkgExim4KnownBugsInSarge) that runs 
off of a maildir, but my server isn''t used for mail and it
doesn''t get a
lot of file activity either.

Do I need file activity to get a good entropy generator or can I 
generate it using static files - such as documents that don''t change 
very often?


-------------------------------------------

Marc Haber wrote:
>On Fri, Feb 10, 2006 at 06:20:43PM -0500, Gary Dale wrote:
>  
>
>>Anyway, the immediate problem I''m having in trying to debug
this is that
>>every message I try to send ends showing up in the queue and logs as 
>>"Spool file is locked (another process is handling this
message)". The
>>messages stay in that state until they drop out of the queue after 24
hours.
>>    
>>
>
>Maybe you have the usual (and yet unsolved) GnuTLS entropy issue. Has
>your system enough entropy?
>
>Greetings
>Marc
>
>  
>
No. I''m running a 2.6.15 kernel to facilitate PPTP and this apparently
is bad for entropy. Mine is currently reading between 2 and 50, which I
understand is way too low.

Any suggestions?

Um 08:34 Uhr am 11.02.06 schrieb Gary Dale:
> Interesting. I guess the system found some entropy overnight because this
> morning I found a flood of pent-up messages in my in-box. Some of them were
> more than 24 hours old. I guess the good news is that I do have my system
> configured properly.
 
> However, the delay is unacceptable. I found an entropy-generator on the
Debian
> Wiki (http://wiki.debian.org/PkgExim4KnownBugsInSarge) that runs off of a
> maildir, but my server isn''t used for mail and it doesn''t
get a lot of file
> activity either.
You can change the script to use files from "/" rather than from 
"/var/mail".

But: I found this script to never regenerate enough entropy, so I 
recompiled all my exims with OpenSSL (use the source from backports.org) 
so exim does not block, when the entropy pool is empty.
 
BTW: I am cursing at the kernel developers at a daily basis for making 
such a drastic change to the entropy gathering system without any further 
notice. For example the big mailserver at my university hat *no* entropy 
sources with 2.6.15, since the network interrupts don''t generate any 
entropy any more and the GDTH-RAID controller also does not contribute to 
the pool.

The only solution here was to patch the kernel and to put SA_SAMPLE_RANDOM 
into the network cards and the gdth driver. (Or buy a hardware RNG; which 
sell at about 300EUR.)

All in all, the situation is pretty bad with any kernel newer than 2.6.11.

Gr??e,
Sven.

-- 
Sven Hartge -- professioneller Unix-Geek
Meine Gedanken im Netz: http://www.svenhartge.de/

Achtung, neue Mail-Adresse: sven@svenhartge.de