
I'm trying to debug a problem with email sending on my home machine, possibly a router related problem. This is on Debian squeeze with Exim 4.72-6+squeeze3 (the default Exim 4 Debian package for this release).

I'm getting a `Relaying denied. Proper authentication required` error.

A reasonable first step is to determine what port my Exim 4 client is currently attempting to use. However, this seems to be surprisingly difficult to find out.

The Debian documentation tells me that the Debian Exim tries to use TLS if available, but I don't know how to confirm that either. Here is an example from my Exim client log (`/var/log/exim4/mainlog`), when mail sending was still working.

```
2013-04-28 15:04:30 1UWNzx-00084Y-EO => foo@bar.com R=smarthost T=remote_smtp_smarthost H=email32.luxsci.com [64.39.7.160] X=TLS1.0:RSA_AES_256_CBC_SHA1:32 DN="serialNumber=OeuJg-G-8alU-6KqWL5z-WwlWFVKQgwj,C=US,ST=Massachusetts,L=Dedham,O=Lux Scientiae,OU=Secure Services,CN=*.luxsci.com"
```

Does the TLS1 mean TLS is being used, or is it just a meaningless string? Assuming it is using TLS, then that suggests that port 465 is used, since that is apparently the default. But how can I confirm any of this?

Here is a version of the currently failing mail sending.

```
2013-05-05 22:11:28 1UZ0OM-0003SM-6Z ** faheem@faheem.info R=smarthost T=remote_smtp_smarthost: SMTP error from remote mail server after RCPT TO:<faheem@faheem.info>: host secure-email-32.luxsci.com [64.39.7.160]: 550 5.7.1 <faheem@faheem.info>... Relaying denied. Proper authentication required.
```

Faheem Mitha
  • The proper thing to do is test the routing with `exim -bt user@domain` first. To check what port is being used `lsof -i -P | grep exim` – dawud May 05 '13 at 20:43
  • For the former, I get `exim -bt user@domain R: smarthost for user@domain user@domain router = smarthost, transport = remote_smtp_smarthost host email32.luxsci.com [64.39.7.160]` For the latter, I get `lsof -i -P | grep exim exim4 25829 Debian-exim 3u IPv4 784099 0t0 TCP orwell:25 (LISTEN)`. Forgive my ignorance, but does that mean the connection is happening on port 25? I thought the port referred to that on the remote machine, though. – Faheem Mitha May 05 '13 at 21:06
  • It is not clear from the info you provided in the question where you are trying to connect to, nor if the remote server uses authentication or TLS. The `user@domain` part wasn't meant to be written literally, rather replaced by the actual mail address you are supposed to be using. – dawud May 05 '13 at 21:09
  • I'm trying to pass my messages on to a smarthost, which *does* provide TLS. As far as the `exim -bt` command goes, I get the same result as already posted, with any email address I use. It appears emails *are* both being accepted, and not being accepted, in a single queue run, so there may be something funky going on with the smarthost. – Faheem Mitha May 05 '13 at 21:15

2 Answers

You may want to add a log line showing the port that is actually used during this very connection. Something like (not sure if you really need the condition)

```
warn    condition       = yes
        log_message     = Port: $received_port
```

in the beginning of your check_helo acl.

Hardy

It seems that
1) your exim sends outgoing email via smart host
2) the smart host refuses to relay (accept to send further) without SMTP AUTH

Your Exim (by default) should use port 25.
secure-email-32.luxsci.com offers STARTTLS extension of ESMTP protocol => your MTA/exim can turn unencrypted SMTP connection into encrypted one (the same TCP connection).
secure-email-32.luxsci.com offers only "plain text" methods of SMTP AUTH (LOGIN and PLAIN) so your exim SHOULD use them after STARTTLS command

AnFi
  • It seems that my setup is basically Ok, because the messages get accepted at least some of the time. However, the messages are also getting rejected some of the time, sometimes in the same delivery attempt. In any case, I'd like to know how to determine what port Exim is using to attempt to deliver these messages via SMTP. – Faheem Mitha May 05 '13 at 21:41
  • The host may accept its "local email domains" without authentication. – AnFi May 06 '13 at 06:04
  • I've been testing using disposable email addresses, and these go through. These aren't local email domains by any definition. – Faheem Mitha May 06 '13 at 10:37
  • Well, when I say they go through, they do some of the time. The authentication intermittently fails, for no apparent reason. – Faheem Mitha May 06 '13 at 10:56
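
The `X=` field on a `=>` line is Exim's record of the TLS cipher suite negotiated for that delivery, and the remote port is written after the IP address only when `log_selector` includes `+outgoing_port`. The following is an added example, not part of the original thread, that reads both off mainlog lines; the first two samples are the question's lines rejoined, the third is constructed to show the port form, and `parse_delivery` is a name chosen here.

```python
import re

# Exim mainlog delivery (=>, ->) and failure (**) lines.
LINE_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (=>|->|\*\*) (.*)$')
# "H=name [ip]" on deliveries, "host name [ip]" inside error text. The
# ":port" suffix appears only when log_selector includes +outgoing_port.
HOST_RE = re.compile(r'(?:\bH=|\bhost )(\S+) \[([0-9A-Fa-f.:]+)\](?::(\d+))?')
TLS_RE = re.compile(r'\bX=(\S+)')             # negotiated TLS cipher suite
FIELD_RE = re.compile(r'\b([RT])=([^\s:]+)')  # router / transport names


def parse_delivery(line):
    """Return routing, host, port and TLS details for one log line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    flag, rest = m.group(3), m.group(4)
    fields = {}
    for key, val in FIELD_RE.findall(rest):
        fields.setdefault(key, val)           # first R=/T= wins, not DN parts
    h = HOST_RE.search(rest)
    x = TLS_RE.search(rest)
    return {
        'status': 'failed' if flag == '**' else 'delivered',
        'recipient': (rest.split() or [None])[0],
        'router': fields.get('R'),
        'transport': fields.get('T'),
        'host': h.group(1) if h else None,
        'ip': h.group(2) if h else None,
        # None means the port was not logged on this line.
        'port': int(h.group(3)) if h and h.group(3) else None,
        # None means no X= on this line; it does not prove a cleartext session.
        'tls': x.group(1) if x else None,
    }


SAMPLES = [
    # The two lines from the question, rejoined onto one line each.
    '2013-04-28 15:04:30 1UWNzx-00084Y-EO => foo@bar.com R=smarthost T=remote_smtp_smarthost H=email32.luxsci.com [64.39.7.160] X=TLS1.0:RSA_AES_256_CBC_SHA1:32 DN="serialNumber=OeuJg-G-8alU-6KqWL5z-WwlWFVKQgwj,C=US,ST=Massachusetts,L=Dedham,O=Lux Scientiae,OU=Secure Services,CN=*.luxsci.com"',
    '2013-05-05 22:11:28 1UZ0OM-0003SM-6Z ** faheem@faheem.info R=smarthost T=remote_smtp_smarthost: SMTP error from remote mail server after RCPT TO:<faheem@faheem.info>: host secure-email-32.luxsci.com [64.39.7.160]: 550 5.7.1 <faheem@faheem.info>... Relaying denied. Proper authentication required.',
    # Constructed line: the form written once +outgoing_port is enabled.
    '2013-05-06 09:00:00 1UZAAA-0000AA-AA => user@example.org R=smarthost T=remote_smtp_smarthost H=email32.luxsci.com [64.39.7.160]:25 X=TLS1.0:RSA_AES_256_CBC_SHA1:32',
]

if __name__ == '__main__':
    for s in SAMPLES:
        print(parse_delivery(s))
```
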