Bug#323565: exim4-config: smarthost always tries to authenticate if AUTH is advertised

Andreas Metzler ametzler at downhill.at.eu.org
Fri Aug 19 18:19:03 UTC 2005


On 2005-08-18 Marc Haber <mh+debian-packages at zugschlus.de> wrote:
> On Thu, Aug 18, 2005 at 07:34:16PM +0200, Andreas Metzler wrote:
>> Well. Depends on what you consider "try to authenticate" to be. exim4
>> will walk through the common set of remotely advertised and locally
>> defined authenticators. - When "running" the authenticators it will
>> try to lookup first the key "hostname of smarthost" and after that fails
>> "*" in CONFDIR/passwd.client.
 
>> With the default CONFDIR/passwd.client both lookups will fail, and the
>> authenticators will stop being executed. And exim4 will not send any
>> AUTH command but will simply try sending unauthenticated.
[...]
> Have $remote offer LOGIN and run the connection over TLS.

Ah, beloved LOGIN.

This patch fixes this, by forcing failure early enough if the
lookup for $host either fails or returns an empty string.

It works for me, i.e. AUTH LOGIN still works afterwards and the
useless AUTH is not sent anymore.
-------------------
--- /etc/exim4/exim4.conf.template	2005-06-28 20:06:51.000000000 +0200
+++ exim4.conf.template	2005-08-19 20:10:57.650453912 +0200
@@ -1692,7 +1692,11 @@
   driver = plaintext
   public_name = LOGIN
 .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
-  client_send = "${if !eq{$tls_cipher}{}{}fail}\
+  client_send = "${if and{\
+                          {!eq{$tls_cipher}{}}\
+                          {!eq{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}{}}\
+                         }\
+                      {}fail}\
                  : ${extract{1}{::}\
 		        {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
 		 : ${extract{2}{::}\
-------------------

a similar change will go into the .else clause, but I am too lazy for
that now.
            cu andreas
-- 
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
                                           http://downhill.aus.cc/




More information about the Pkg-exim4-maintainers mailing list