I've recently setup Exim4 on an Ubuntu 10.04 server with Courier. Everything is working fine for local mail deliver, the only missing piece is SMTP Authentication. I have an account setup on the server in Courier however whenever I try to send to the host it never prompts me for authentication and reports back the following:
Error while Sending message.
RCPT TO <[email protected]> failed: relay not permitted
I ran exim in "super debug mode" and received the following:
Exim version 4.71 uid=0 gid=0 pid=28644 D=fbb95cfd
Berkeley DB: Berkeley DB 4.8.24: (August 14, 2009)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
GnuTLS compile-time version: 2.8.5
GnuTLS runtime version: 2.8.5
changed uid/gid: forcing real = effective
uid=0 gid=0 pid=28644
auxiliary group list: <none>
seeking password data for user "uucp": cache not available
getpwnam() succeeded uid=10 gid=10
configuration file is /var/lib/exim4/config.autogenerated
log selectors = 00000ffc 00612001
cwd=/etc/exim4 5 args: exim -d+acl+auth -oX 588 -bd
trusted user
admin user
seeking password data for user "mail": cache not available
getpwnam() succeeded uid=8 gid=8
seeking password data for user "mail": using cached result
getpwnam() succeeded uid=8 gid=8
user name "root" extracted from gecos field "root"
originator: uid=0 gid=0 login=root name=root
28644 daemon_smtp_port overridden by -oX:
28644 <: 588
28644 listening on 205.186.156.60 port 588
28644 changed uid/gid: running as a daemon
28644 uid=111 gid=113 pid=28644
28644 auxiliary group list: 113
28644 LOG: MAIN
28644 exim 4.71 daemon started: pid=28644, no queue runs, listening for SMTP on [205.186.156.60]:588
28644 set_process_info: 28644 daemon: no queue runs, listening for SMTP on [205.186.156.60]:588
28644 daemon running with uid=111 gid=113 euid=111 egid=113
28644 Listening...
28644 Connection request from 173.66.235.14 port 32994
28644 search_tidyup called
28644 1 SMTP accept process running
28644 Listening...
31812 sender_fullhost = [173.66.235.14]
31812 sender_rcvhost = [173.66.235.14]
31812 Process 31812 is handling incoming connection from [173.66.235.14]
31812 host in host_lookup? no (option unset)
31812 set_process_info: 31812 handling incoming connection from [173.66.235.14]
31812 host in host_reject_connection? no (option unset)
31812 host in sender_unqualified_hosts? no (option unset)
31812 host in recipient_unqualified_hosts? no (option unset)
31812 host in helo_verify_hosts? no (option unset)
31812 host in helo_try_verify_hosts? no (option unset)
31812 host in helo_accept_junk_hosts? no (option unset)
31812 SMTP>> 220 dagobah.seacrow.org ESMTP Exim 4.71 Sat, 13 Nov 2010 22:20:22 -0500
31812 Process 31812 is ready for new message
31812 smtp_setup_msg entered
31812 SMTP<< EHLO [192.168.1.6]
31812 [192.168.1.6] in helo_lookup_domains? no (end of list)
31812 sender_fullhost = ([192.168.1.6]) [173.66.235.14]
31812 sender_rcvhost = [173.66.235.14] (helo=[192.168.1.6])
31812 set_process_info: 31812 handling incoming connection from ([192.168.1.6]) [173.66.235.14]
31812 host in pipelining_advertise_hosts? yes (matched "*")
31812 host in auth_advertise_hosts? yes (matched "*")
31812 host in tls_advertise_hosts? no (option unset)
31812 SMTP>> 250-dagobah.seacrow.org Hello [192.168.1.6] [173.66.235.14]
31812 250-SIZE 52428800
31812 250-PIPELINING
31812 250 HELP
31812 SMTP<< MAIL FROM:<[email protected]>
31812 using ACL "acl_check_mail"
31812 processing "accept"
31812 accept: condition test succeeded
31812 SMTP>> 250 OK
31812 SMTP<< RCPT TO:<[email protected]>
31812 using ACL "acl_check_rcpt"
31812 processing "accept"
31812 check hosts = :
31812 host in ":"? no (end of list)
31812 accept: condition test failed
31812 processing "deny"
31812 check domains = +local_domains
31812 search_open: dsearch "/etc/valiases"
31812 search_find: file="/etc/valiases"
31812 key="gmail.com" partial=-1 affix=NULL starflags=0
31812 LRU list:
31812 4/etc/valiases
31812 End
31812 internal_search_find: file="/etc/valiases"
31812 type=dsearch key="gmail.com"
31812 file lookup required for gmail.com
31812 in /etc/valiases
31812 lookup failed
31812 search_open: dsearch "/var/mail/virtual"
31812 search_find: file="/var/mail/virtual"
31812 key="gmail.com" partial=-1 affix=NULL starflags=0
31812 LRU list:
31812 4/var/mail/virtual
31812 4/etc/valiases
31812 End
31812 internal_search_find: file="/var/mail/virtual"
31812 type=dsearch key="gmail.com"
31812 file lookup required for gmail.com
31812 in /var/mail/virtual
31812 lookup failed
31812 gmail.com in "@:localhost:dsearch;/etc/valiases:dsearch;/var/mail/virtual"? no (end of list)
31812 gmail.com in "+local_domains"? no (end of list)
31812 deny: condition test failed
31812 processing "deny"
31812 check domains = !+local_domains
31812 cached no match for +local_domains
31812 cached lookup data = NULL
31812 gmail.com in "!+local_domains"? yes (end of list)
31812 check local_parts = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
31812 marco.ceppi.use in "^[./|] : ^.*[@%!`#&?] : ^.*/\.\./"? no (end of list)
31812 deny: condition test failed
31812 processing "accept"
31812 check local_parts = postmaster
31812 marco.ceppi.use in "postmaster"? no (end of list)
31812 accept: condition test failed
31812 processing "deny"
31812 check !acl = acl_local_deny_exceptions
31812 using ACL "acl_local_deny_exceptions"
31812 processing "accept"
31812 check hosts = ${if exists{/etc/exim4/host_local_deny_exceptions}{/etc/exim4/host_local_deny_exceptions}{}}
31812 host in ""? no (end of list)
31812 accept: condition test failed
31812 processing "accept"
31812 check senders = ${if exists{/etc/exim4/sender_local_deny_exceptions}{/etc/exim4/sender_local_deny_exceptions}{}}
31812 [email protected] in ""? no (end of list)
31812 accept: condition test failed
31812 processing "accept"
31812 check hosts = ${if exists{/etc/exim4/local_host_whitelist}{/etc/exim4/local_host_whitelist}{}}
31812 host in ""? no (end of list)
31812 accept: condition test failed
31812 processing "accept"
31812 check senders = ${if exists{/etc/exim4/local_sender_whitelist}{/etc/exim4/local_sender_whitelist}{}}
31812 [email protected] in ""? no (end of list)
31812 accept: condition test failed
31812 end of ACL "acl_local_deny_exceptions": implicit DENY
31812 check senders = ${if exists{/etc/exim4/local_sender_callout}{/etc/exim4/local_sender_callout}{}}
31812 [email protected] in ""? no (end of list)
31812 deny: condition test failed
31812 processing "accept"
31812 check hosts = +relay_from_hosts
31812 host in ": 127.0.0.1 : ::::1"? no (end of list)
31812 host in "+relay_from_hosts"? no (end of list)
31812 accept: condition test failed
31812 processing "accept"
31812 check authenticated = *
31812 accept: condition test failed
31812 processing "require"
31812 check domains = +local_domains : +relay_to_domains
31812 cached no match for +local_domains
31812 cached lookup data = NULL
31812 gmail.com in "empty"? no (end of list)
31812 gmail.com in "+local_domains : +relay_to_domains"? no (end of list)
31812 require: condition test failed
31812 SMTP>> 550 relay not permitted
31812 LOG: MAIN REJECT
31812 H=([192.168.1.6]) [173.66.235.14] F=<[email protected]> rejected RCPT <[email protected]>: relay not permitted
31812 SMTP<< QUIT
31812 SMTP>> 221 dagobah.seacrow.org closing connection
31812 LOG: smtp_connection MAIN
31812 SMTP connection from ([192.168.1.6]) [173.66.235.14] closed by QUIT
31812 search_tidyup called
28644 child 31812 ended: status=0x0
28644 0 SMTP accept processes now running
28644 Listening...
I noticed that it doesn't have courier listed in the Authenticators line at the top of the output. Which I believe is the issue I'm encountering. I don't know how to make it look for Courier. I have the following in my Authenticators section:
begin authenticators
plain_courier_authdaemon:
driver = plaintext
public_name = PLAIN
server_condition = \
${extract {ADDRESS} \
{${readsocket{/var/run/courier/authdaemon/socket} \
{AUTH ${strlen:exim\nlogin\n$auth2\n$auth3\n}\nexim\nlogin\n$auth2\n$auth3\n} }} \
{yes} \
fail}
server_set_id = $auth2
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif
login_courier_authdaemon:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = \
${extract {ADDRESS} \
{${readsocket{/var/run/courier/authdaemon/socket} \
{AUTH ${strlen:exim\nlogin\n$auth1\n$auth2\n}\nexim\nlogin\n$auth1\n$auth2\n} }} \
{yes} \
fail}
server_set_id = $auth1
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif
cram_md5:
driver = cram_md5
public_name = CRAM-MD5
client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
PASSWDLINE=${sg{\
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
}\
{\\N[\\^]\\N}\
{^^}\
}
plain:
driver = plaintext
public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
client_send = "<; ${if !eq{$tls_cipher}{}\
{^${extract{1}{:}{PASSWDLINE}}\
^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
}fail}"
.else
client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif
login:
driver = plaintext
public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
client_send = "<; ${if and{\
{!eq{$tls_cipher}{}}\
{!eq{PASSWDLINE}{}}\
}\
{}fail}\
; ${extract{1}{::}{PASSWDLINE}}\
; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.else
client_send = "<; ${if !eq{PASSWDLINE}{}\
{}fail}\
; ${extract{1}{::}{PASSWDLINE}}\
; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif
(Comments have been stripped from output)
Of course minutes after asking, and hours of searching prior to asking, I figured it out. I'm not using TLS (yet) on this mail server so I needed to add
AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = true
to the top of the exim4.conf.template file.