Pkg exim4 users - Dec 2006 - Smarthost stopped working

Thanks for the quick reply!
>> A few weeks ago, I started getting error messages like this:
>>
>> 550 <username@domain.org>: Recipient address rejected: No
>> such domain at this location (username@domain.org)
> From the logs I can see (even though you have obfuscated a lot) that 
> quarantine.uwplatt.edu doesn''t offer STARTTLS. The plain text
authenticators
> normally refuse to send passwords without TLS encryption.
> Kindly ask the IT folks if they would consider enabling TLS support. If
that
> doesn''t work, or if it takes too long, create a file 
> in /etc/exim4/conf.d/main/ (README.Debian.html suggests calling it 
> 000_localmacros) containing
>
> AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS=yes
I''ll contact the IT people, in the mean time I tried doing as you
suggest by placing the AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS=yes
in /etc/exim4/exim4.conf.localmacros
(I''m using a monolithic config file.)

Then I ran update-exim4.conf and restarted exim4.

It didn''t seem to help.  I''ve attached debug information (less
obfuscated than before).  In fact, when I look at the actual
SMTP connection, it doesn''t look like anything changed.
> If that doesn''t work, check that passwd.client still has the right
> permission bits.
# ls -l /etc/exim4

total 184
-rw-r--r--  1 root root          120 Jun  5  2006 README
drwxr-xr-x  9 root root          224 Oct  1  2004 conf.d
-rw-r--r--  1 root root           40 Dec 11 06:12 exim4.conf.localmacros
-rw-r--r--  1 root root        49625 Dec 11 06:12 exim4.conf.template
-rw-r--r--  1 root root        49627 Nov 10  2004 exim4.conf.template.bak.8209
-rw-r--r--  1 root root        62255 May 27  2005 exim4.conf.template.dpkg-dist
-rw-r-----  1 root Debian-exim   198 Dec 10 19:54 passwd.client
-rw-r--r--  1 root root          501 Dec 10 20:03 update-exim4.conf.conf


-------------- next part --------------
Exim version 4.50 uid=0 gid=0 pid=3556 D=fbb95cfd
Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
Support for: iconv() IPv6 GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch nis
nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
changed uid/gid: forcing real = effective
  uid=0 gid=0 pid=3556
  auxiliary group list: <none>
configuration file is /var/lib/exim4/config.autogenerated
log selectors = 00000ffc 00020800
trusted user
admin user
skipping ACL configuration - not needed
set_process_info:  3556 delivering specified messages
set_process_info:  3556 delivering 1GtaKL-00017m-5H
reading spool file 1GtaKL-00017m-5H-H
user=Debian-exim uid=102 gid=102 sendersender_local=0 ident=Debian-exim
Non-recipients:
Empty Tree
---- End of tree ----
recipients_count=1
body_linecount=25 message_linecount=10
LOG: MAIN
  Unfrozen by forced delivery
Delivery address list:
  username@domain.org 
locking /var/spool/exim4/db/retry.lockfile
locked /var/spool/exim4/db/retry.lockfile
opened hints database /var/spool/exim4/db/retry: flags=0
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Considering: username@domain.org
unique = username@domain.org
dbfn_read: key=R:domain.org
dbfn_read: key=R:username@domain.org
no domain retry record
no address retry record
username@domain.org: queued for routing
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
routing username@domain.org
--------> hubbed_hosts router <--------
local_part=username domain=domain.org
checking domains
expansion of "${if
exists{/etc/exim4/hubbed_hosts}{partial-lsearch;/etc/exim4/hubbed_hosts}fail}"
forced failure: assume not in this list
hubbed_hosts router skipped: domains mismatch
--------> smarthost router <--------
local_part=username domain=domain.org
checking domains
domain.org in "@:localhost:localhost"? no (end of list)
domain.org in "! +local_domains"? yes (end of list)
R: smarthost for username@domain.org
calling smarthost router
smarthost router called for username@domain.org
  domain = domain.org
route_item = * smtp.nw.uwplatt.edu byname
domain.org in "*"? yes (matched "*")
original list of hosts = "smtp.nw.uwplatt.edu" options = byname
expanded list of hosts = "smtp.nw.uwplatt.edu" options = byname
set transport remote_smtp_smarthost
finding IP address for smtp.nw.uwplatt.edu
calling host_find_byname
gethostbyname2(af=inet6) returned 4 (NO_DATA)
fully qualified name = smtp.nw.uwplatt.edu
gethostbyname2 looked up these IP addresses:
  name=smtp.nw.uwplatt.edu address=137.104.128.91
  name=smtp.nw.uwplatt.edu address=137.104.128.92
queued for remote_smtp_smarthost transport: local_part = username
domain = domain.org
  errors_to=NULL
  domain_data=NULL localpart_data=NULL
routed by smarthost router
  envelope to: username@domain.org
  transport: remote_smtp_smarthost
  host smtp.nw.uwplatt.edu [137.104.128.91]
  host smtp.nw.uwplatt.edu [137.104.128.92]
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
After routing:
  Local deliveries:
  Remote deliveries:
    username@domain.org
  Failed addresses:
  Deferred addresses:
search_tidyup called
>>>>>>>>>>>>>>>> Remote
deliveries >>>>>>>>>>>>>>>>
--------> username@domain.org <--------
search_tidyup called
changed uid/gid: remote delivery to username@domain.org with
transport=remote_smtp_smarthost
  uid=102 gid=102 pid=3557
  auxiliary group list: <none>
set_process_info:  3557 delivering 1GtaKL-00017m-5H using remote_smtp_smarthost
T: remote_smtp_smarthost for username@domain.org
remote_smtp_smarthost transport entered
  username@domain.org
checking status of smtp.nw.uwplatt.edu
locking /var/spool/exim4/db/retry.lockfile
locked /var/spool/exim4/db/retry.lockfile
opened hints database /var/spool/exim4/db/retry: flags=0
dbfn_read: key=T:smtp.nw.uwplatt.edu:137.104.128.91
dbfn_read: key=T:smtp.nw.uwplatt.edu:137.104.128.91:1GtaKL-00017m-5H
no host retry record
no message retry record
smtp.nw.uwplatt.edu [137.104.128.91] status = usable
137.104.128.91 in serialize_hosts? no (option unset)
delivering 1GtaKL-00017m-5H to smtp.nw.uwplatt.edu [137.104.128.91]
(username@domain.org)
set_process_info:  3557 delivering 1GtaKL-00017m-5H to smtp.nw.uwplatt.edu
[137.104.128.91] (username@domain.org)
set_process_info:  3556 delivering 1GtaKL-00017m-5H: waiting for a remote
delivery subprocess to finish
selecting on subprocess pipes
Connecting to smtp.nw.uwplatt.edu [137.104.128.91]:25 ... connected
waiting for data on socket
read response data: size=69
  SMTP<< 220 quarantine.uwplatt.edu ESMTP
(84755efeb3aac4d7c2a7422e561531e9)
137.104.128.91 in hosts_avoid_esmtp? no (option unset)
  SMTP>> EHLO localhost.localdomain
waiting for data on socket
read response data: size=132
  SMTP<< 250-quarantine.uwplatt.edu
         250-PIPELINING
         250-SIZE 100000000
         250-ETRN
         250-AUTH LOGIN PLAIN
         250-AUTH=LOGIN PLAIN
         250 8BITMIME
137.104.128.91 in hosts_require_tls? no (option unset)
using PIPELINING
137.104.128.91 in hosts_require_auth? no (option unset)
gethostbyname2(af=inet6) returned 4 (NO_DATA)
gethostbyname2 looked up these IP addresses:
  name=smtp.nw.uwplatt.edu address=137.104.128.91
  name=smtp.nw.uwplatt.edu address=137.104.128.92
137.104.128.91 in hosts_try_auth? yes (matched "smtp.nw.uwplatt.edu")
scanning authentication mechanisms
plain authenticator yielded 12
login authenticator yielded 12
  SMTP>> MAIL FROM:<> SIZE=2385
  SMTP>> RCPT TO:<username@domain.org>
  SMTP>> DATA
waiting for data on socket
read response data: size=142
  SMTP<< 250 Ok
  SMTP<< 550 <username@domain.org>: Recipient address rejected: No
such domain at this location (username@domain.org)
  SMTP<< 554 Error: no valid recipients
SMTP error from remote mailer after pipelined DATA: host smtp.nw.uwplatt.edu
[137.104.128.91]: 554 Error: no valid recipients
error for DATA ignored: pipelining is in use and there were no good recipients
ok=1 send_quit=1 send_rset=1 continue_more=0 yield=0 first_address is NULL
transport_check_waiting entered
  sequence=1 local_max=500 global_max=-1
locking /var/spool/exim4/db/wait-remote_smtp_smarthost.lockfile
locked /var/spool/exim4/db/wait-remote_smtp_smarthost.lockfile
opened hints database /var/spool/exim4/db/wait-remote_smtp_smarthost: flags=2
dbfn_read: key=smtp.nw.uwplatt.edu
no messages waiting for smtp.nw.uwplatt.edu
  SMTP>> QUIT
set_process_info:  3557 delivering 1GtaKL-00017m-5H: just tried
smtp.nw.uwplatt.edu [137.104.128.91] for username@domain.org: result OK
Leaving remote_smtp_smarthost transport
set_process_info:  3557 delivering 1GtaKL-00017m-5H (just run
remote_smtp_smarthost for username@domain.org in subprocess)
search_tidyup called
reading pipe for subprocess 3557 (not ended)
read() yielded 229
Z0 item read
remote delivery process 3557 ended
set_process_info:  3556 delivering 1GtaKL-00017m-5H
post-process username@domain.org (2)
LOG: MAIN
  ** username@domain.org R=smarthost T=remote_smtp_smarthost: SMTP error from
remote mailer after RCPT TO:<username@domain.org>: host
smtp.nw.uwplatt.edu [137.104.128.91]: 550 <username@domain.org>: Recipient
address rejected: No such domain at this location
(username@domain.org)
>>>>>>>>>>>>>>>> deliveries are
done >>>>>>>>>>>>>>>>
changed uid/gid: post-delivery tidying
  uid=102 gid=102 pid=3556
  auxiliary group list: <none>
set_process_info:  3556 tidying up after delivering 1GtaKL-00017m-5H
Processing retry items
Succeeded addresses:
Failed addresses:
Deferred addresses:
username@domain.org: no retry items
end of retry processing
LOG: MAIN
  Frozen (delivery error message)
delivery deferred: update_spool=1 header_rewritten=0
Writing spool header file
Size of headers = 445
end delivery of 1GtaKL-00017m-5H
search_tidyup called
search_tidyup called
>>>>>>>>>>>>>>>> Exim pid=3556
terminating with rc=0
>>>>>>>>>>>>>>>>

On Mon, Dec 11, 2006 at 02:31:22PM -0600, Matthew Roberts
wrote:
> It didn''t seem to help.  I''ve attached debug information
(less
> obfuscated than before).  In fact, when I look at the actual
> SMTP connection, it doesn''t look like anything changed.
The key seems to be:
|scanning authentication mechanisms
|plain authenticator yielded 12
|login authenticator yielded 12

Googling for "authenticator yielded 12" pointed me towards Debian Bug
#311211. I suspect that you have a similiar problem.

You seem to have smtp.nw.uwplatt.edu as a smarthost. This resolves to
two IP addresses, which have different reverse names:
|$ host smtp.nw.uwplatt.edu
|smtp.nw.uwplatt.edu has address 137.104.128.92
|smtp.nw.uwplatt.edu has address 137.104.128.91
|$ host 137.104.128.92
|92.128.104.137.in-addr.arpa domain name pointer twofish.uwplatt.edu.
|$ host 137.104.128.91
|91.128.104.137.in-addr.arpa domain name pointer onefish.uwplatt.edu.
|$ host twofish.uwplatt.edu
|twofish.uwplatt.edu has address 137.104.128.92
|$ host onefish.uwplatt.edu
|onefish.uwplatt.edu has address 137.104.128.91
|$

That way, you''ll need to have passwd.client entries for
twofish.uwplatt.edu and onefish.uwplatt.edu. Do you have these?

More information might be found in Debian bug #244724 and
http://pkg-exim4.alioth.debian.org/README/exim4-config_files.5.html
(unfortunately, that man page is only in etch and sid, not in sarge).

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835