Re: SMTP smart host authentication fails

On Sat, Oct 27, 2007 at 08:46:40PM -0400, Haines Brown wrote:
"Douglas A. Tutty" <dtutty@xxxxxxxxxxxxx> writes:

> 1. In /etc/exim4/passwd.client I inserted this line (where "<PW>" is
my plain test password):

mymail.myregisteredsite.com:hartford-hwp.com:<PW>

Yeah, redirects sort of mess up exim. That's why I would use:

*:[username]:[PW]

Is your login user-name really hartford-hwp.com?

Yes, that is my username. So you are recommending:

*:hartford-hwp.com:<PW>

But can a wildcard replace the name of the server like this?

Yes. No matter what host asks exim for auth, it will give this username
and password. That _could_ be a problem but I'd sugggest that you at
least start with this to make sure it works. Then if you like, you
could add a few discreet entries for the names of systems that try to
auth.


2. In exim4 configuration, I have to specify the smtp server. In
/etc/exim4/update.exim.conf.conf I have the line:

dc_smarthost='mymail.myregisteredsite.com'


I would stick to the name they gave you. Otherwise, exim will try to
contact that box directly and that box is likely configured to only
acccept stuff from smtp.hardford-hwp.com

OK, I'll revert as you suggest.

3. I have not specified the authentication method. After speaking with
my tech support supervisor's supervisor, all I could get was that
the authentication method is "basic", "ordinary". Only later one
person suggested that "basic" is really plain
authentication. Assuming this is correct, I did not make any
changes to the /etc/exim4/exim4.conf.template file, which
apparently defaults to the plain text authentication method. I have
no trouble accessing the POP server.

Is your pop-server username hartford-hwp.com as well?

Pop sercver is pop.hartford-hwp.com; smtp server is smtp.hartford-hwp.com

They look like server names not user names for a login session.


inetd.conf is for incoming ports. Opening a port in the sense they mean
is opening a port in your own firewall to let exim call out on port 587.
The standard port per /etc/services would be 465.

I reverted to port 25, but no luck

So, do you have a firewall?

This may be my problem: I have a hardware firewall. However, if I'm
using port 25 for smtp, wouldn't my firewall let it through? Is the
fact that it's now SSL require a change in my hardware firewall?


YES. Absolutley. You've told exim to contact smtp on port 587 but if
your firewall is blocking connections on port 587 then nothing will get
through.

I know that whenever I make changes to exim configuration or to the
inetd.conf file, I must restart. Will both of these commands do it
(I'm using debian Etch)? That is, does reconfiguring Exim also restart
inetd, and does restarting inetd also rescan Exim4 configuration?

# dpkg-reconfigure exim4-config
# /usr/sbin/initd restart


There is no such file as /usr/sbin/initd to restart.

However, there is /etc/init.d/exim4 restart.

Ouch. I was led astray here. Running the command didn't have cause
feedback, which I took as good news. I'm now using # invoke-rc.d exim4
restart , which I assume does the same as # /etc/init.d/exim4 restart

invoke-rc.d is for package scripts to use so that they follow any
local-administrator set policies. Your _are_ the local administrator
and you don't want somebody else's magic from keeping the script from
running. You want the script to run so just directly tell the script to
run with /etc/init.d/exim4 restart.

My problem may be my hardware firewall, not so much the port, but the
protocol for SSL SMTP smtp or smtps?).

according to /etc/services that's ssmtp. But who cares? You tell the
firewall what port to open. Your ISP told you what port to use so you
tell the firewall and you tell exim.

Doug.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx

Relevant Pages

  • Whats blocking Port 25?
    ... *entirely* a firewall issue. ... I have my own domain, running its own DNS, smtp host, ... I'm using exim 4.41, compiled from source, as my MTA. ... answering that Port 25 is closed. ...
    (Debian-User)
  • Re: SMTP smart host authentication fails
    ... redirects sort of mess up exim. ... is opening a port in your own firewall to let exim call out on port 587. ... I have a hardware firewall. ... does reconfiguring Exim also restart ...
    (Debian-User)
  • Re: [opensuse] Firewall & UDP
    ... Firewall Zone: Internal -> Add a souce 192.168.0.4 with UDP protocol ... with source port 127. ... rcSuSEfirewall2 restart ...
    (SuSE)
  • Re: SMTP smart host authentication fails
    ... No matter what host asks exim for auth, ... Pop sercver is pop.hartford-hwp.com; smtp server is smtp.hartford-hwp.com ... using port 25 for smtp, wouldn't my firewall let it through? ... fact that it's now SSL require a change in my hardware firewall? ...
    (Debian-User)
  • Re: SMTP smart host authentication fails
    ... No matter what host asks exim for auth, ... Pop sercver is pop.hartford-hwp.com; smtp server is smtp.hartford-hwp.com ... using port 25 for smtp, wouldn't my firewall let it through? ... fact that it's now SSL require a change in my hardware firewall? ...
    (Debian-User)