Bug#323565: exim4-config: smarthost always tries to authenticate if AUTH is advertised

Andreas Metzler ametzler at downhill.at.eu.org
Thu Aug 18 17:34:16 UTC 2005


On 2005-08-17 Marc Haber <mh+debian-bugs at zugschlus.de> wrote:
> Package: exim4-config
> Version: 4.52-1
> Severity: normal

> 30_exim4-config_remote_smtp_smarthost says

> hosts_try_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}

> Since exim4 shows a CONFDIR/passwd.clinent file, an exim client will
> always try to authenticate to the smarthost if the smarthost
> advertises AUTH.

> This is a bug, because exim should only try to authenticate when
> actual authentication data is present.
[...]

Hello,
Well. Depends on what you consider "try to authenticate" to be. exim4
will walk through the common set of remotely advertised and locally
defined authenticators. - When "running" the authenticators it will
try to lookup first the key "hostname of smarthost" and after that fails
"*" in CONFDIR/passwd.client.

With the default CONFDIR/passwd.client both lookups will fail, and the
authenticators will stop being executed. And exim4 will not send any
AUTH command but will simply try sending unauthenticated. See the
example below, which is rather short as $remote only offers CRAM-MD5.

To repeat: Remote will not see us "trying to authenticate", the only
price payed is a little bit of wasted CPU-time and two file lookups.
                cu andreas

------------------
         250-AUTH CRAM-MD5
         250 HELP
83.151.30.59 in hosts_require_tls? no (option unset)
using PIPELINING
83.151.30.59 in hosts_require_auth? no (option unset)
gethostbyname2(af=inet6) returned 4 (NO_DATA)
gethostbyname2 looked up these IP addresses:
  name=downhill.aus.cc address=83.151.30.59
83.151.30.59 in hosts_try_auth? yes (matched "downhill.aus.cc")
scanning authentication mechanisms
search_open: lsearch "/etc/exim4/passwd.client"
search_find: file="/etc/exim4/passwd.client"
  key="downhill.aus.cc" partial=-1 affix=NULL starflags=1
LRU list:
  :/etc/exim4/passwd.client
  End
internal_search_find: file="/etc/exim4/passwd.client"
  type=lsearch key="downhill.aus.cc"
file lookup required for downhill.aus.cc
  in /etc/exim4/passwd.client
lookup failed
trying to match *
internal_search_find: file="/etc/exim4/passwd.client"
  type=lsearch key="*"
file lookup required for *
  in /etc/exim4/passwd.client
lookup failed
search_open: lsearch "/etc/exim4/passwd.client"
  cached open
search_find: file="/etc/exim4/passwd.client"
  key="downhill.aus.cc" partial=-1 affix=NULL starflags=1
LRU list:
  :/etc/exim4/passwd.client
  End
internal_search_find: file="/etc/exim4/passwd.client"
  type=lsearch key="downhill.aus.cc"
cached data used for lookup of downhill.aus.cc
  in /etc/exim4/passwd.client
lookup failed
trying to match *
internal_search_find: file="/etc/exim4/passwd.client"
  type=lsearch key="*"
cached data used for lookup of *
  in /etc/exim4/passwd.client
lookup failed
cram_md5 authenticator yielded 13
  SMTP>> MAIL FROM:<ametzler at xxxxxxxx.yyy.zz> SIZE=1381
[...]
------------------

-- 
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
                                           http://downhill.aus.cc/




More information about the Pkg-exim4-maintainers mailing list