Pkg exim4 users - Jan 2008 - cyrus sasl authentication problems

Ross Boylan <ross at biostat.ucsf.edu> wrote:
> I have been trying to authenticate using the same account database as my
> Cyrus imap server.  I can''t even seem to get very useful debugging
> output.  I would appreciate any help.
> Following suggestions earlier on this list, I run (as root)
> exim -d -oX 198.144.201.14.27 -bd 2>&1
> and ran swaks on the client.
> The terminal running exim shows a lot of information (see below), but
> absolutely nothing when I try to connect to it.
[...]
> 4186 daemon running with uid=103 gid=103 euid=103 egid=103
> 4186 Listening...
> # everything above here preceded client connection
> # and nothing more appears after that.
This strongly suggests that you are simply not connecting to *this*
exim instance. Just comnnecting with telnet, without even issueing a
command should show more than a dozen lines of output. (there is even
more info with  -d+all-memory instead of -d).
cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.''
`I sew his ears on from time to time, sure''

On Sat, 2008-01-19 at 14:24 +0100, Andreas Metzler
wrote:
> Ross Boylan <ross at biostat.ucsf.edu> wrote:
> > I have been trying to authenticate using the same account database as
my
> > Cyrus imap server.  I can''t even seem to get very useful
debugging
> > output.  I would appreciate any help.
> 
> > Following suggestions earlier on this list, I run (as root)
> > exim -d -oX 198.144.201.14.27 -bd 2>&1
> > and ran swaks on the client.
> 
> > The terminal running exim shows a lot of information (see below), but
> > absolutely nothing when I try to connect to it.
> [...]
> > 4186 daemon running with uid=103 gid=103 euid=103 egid=103
> > 4186 Listening...
> > # everything above here preceded client connection
> > # and nothing more appears after that.
> 
> This strongly suggests that you are simply not connecting to *this*
> exim instance.
Correct.
>  Just comnnecting with telnet, without even issueing a
> command should show more than a dozen lines of output. (there is even
> more info with  -d+all-memory instead of -d).
> cu andreas
Sorry, I thought I posted the end of the story on this list:  the real
problem was getting the domains right.  Internally, if you are on
machine x.y.com, SASL stores the user "names" as name at x.  To match
this,
one needs to set the realm to "x" (not x.y.com, not blank) in the exim
authenticator.  At least, that''s what I got after following the Debian
cyrus/sasl advice.  The Debian exim template says the domain should be
the "short host name".  Now I know what the "short" meant.