Sorry to revisit this again. I seem to have authentication working - certainly typing an EHLO at the command line shows authentication advertisements. One client (actually this one) is so lame it sends a HELO rather than an EHLO and doesn''t receive an authentication advertisement. So I had to resort to using Outlook Express (urgh) in order to trial things. It will work - but only if the client address is listed in the relay_nets range in update-exim4.conf.conf So my question is what is the way to get authentication to work without there having to be an entry in that field? Regards Neil ------------------------------------------------------------------------------------ Scanned for viruses, spam and offensive content by CensorNet MailSafe Professional Web & E-mail Filtering from www.censornet.com
On Fri, Aug 25, 2006 at 10:13:00AM +0100, Neil Briscoe wrote:> One client (actually this one) is so lame it sends a HELO rather than an > EHLO and doesn''t receive an authentication advertisement.If it says HELO, it does only speak plain SMTP, which does not know about extensions and thus cannot support authentication. There is nothing exim can do.> So I had to resort to using Outlook Express (urgh) in order to trial > things. It will work - but only if the client address is listed in the > relay_nets range in update-exim4.conf.confBy allowing exim to relay unconditionally you are effectively switching off authentication. Some very broken Outlook Express versions demand "250-AUTH=" instead of "250-AUTH " as authentication advertisement. Exim can be coaxed into issueing this advertisement by uncommenting the support_broken_outlook_express_4_server authenticator in the configuration.> So my question is what is the way to get authentication to work without > there having to be an entry in that field?You are _not_ making authentication work by entering IP addresses in relay_nets - you''re doing the opposite. Which is not a big problem if the client in question has a static IP address. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Thanks Marc Yes, I had read the comment in the template file explaining about broken versions of OE. I didn''t think my copy, nor the person I''m trying to arrange this for, fell into the trap - but perhaps they do after all. Regards Neil ------------------------------------------------------------------------------------ Scanned for viruses, spam and offensive content by CensorNet MailSafe Professional Web & E-mail Filtering from www.censornet.com
On Fri, Aug 25, 2006 at 12:30:00PM +0100, Neil Briscoe wrote:> Yes, I had read the comment in the template file explaining about broken > versions of OE. I didn''t think my copy, nor the person I''m trying to > arrange this for, fell into the trap - but perhaps they do after all.You could run a test daemon with -d -bd or -v -bd (probably on a different port to not disturb your running service) and see whether the Outl**k client tries to authenticate or not. If that is not possible, try tcpdumping with an appropriate filter to see what''s going on "on the wire". Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835