Hi -- I just asked this question on debian-user and was told by Greg Folkert that it would probably be better to ask here, along with good words about Mark Haber and Andreas Metzler. Here''s what I wrote there - I''d love if someone might be able to shed a little light on this for me... : Just trying Exim, coming from a long time of Sendmail. Curious how this might be handled, if it can be. I realize this is a buggy mail client problem, but such is the way of the things. Synopsis: Buggy client wants to relay a message via Exim server to a foreign domain, authenticating to Exim with TLS/PLAIN Client program initiates EHLO with Exim server. Exim says Hello STARTTLS and AUTH get advertised. Buggy client likes STARTTLS and starts it. Exim says TLS - go ahead! Exim and buggy client happily chatting encryptically. Buggy client does not say EHLO again, but instead AUTH LOGIN Exim says, I didn''t advertise that! And errors: AUTH command used when not advertised. So, authorization fails, and the message cannot be relayed, and it is rejected with relay not permitted since nothing else would allow it to relay (which it shouldn''t). Now, I''m reasonably sure that the client is supposed to say EHLO again after a STARTTLS. But it''s buggy. Does anyone know if there some way to make Exim be a little more forgiving, and not error out of auth because it didn''t advertise AUTH? Or, really, have it not mind getting the second EHLO? Sendmail doesn''t seem to mind this behavior at all. But that''s neither here nor there. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.alioth.debian.org/pipermail/pkg-exim4-users/attachments/20070421/c2efcdb9/attachment.html
Marc Haber
2007-Apr-24 09:25 UTC
[Pkg-exim4-users] Exim4 EHLO/STARTTLS/AUTH and buggy client
On Sat, Apr 21, 2007 at 10:54:43AM -0700, Mark wrote:> Synopsis: Buggy client wants to relay a message via Exim server to a foreign > domain, authenticating to Exim with TLS/PLAIN > > Client program initiates EHLO with Exim server. > Exim says Hello > STARTTLS and AUTH get advertised. > Buggy client likes STARTTLS and starts it. > Exim says TLS - go ahead! > Exim and buggy client happily chatting encryptically. > Buggy client does not say EHLO again, but instead AUTH LOGIN > Exim says, I didn''t advertise that! And errors: AUTH command used when not > advertised.I did not find a solution for this by glancing through the docs. Granted that nobody else commented on this mailing list, I''d like to suggest that you ask on the upstream mailing list exim-users@exim.org. If people there tell you to go here, tell them that Debian doesn''t modify exim''s authentication behavior. I''ll monitor exim-users and intervene if necessary. Sorry to give you the runaround. I apologize. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190