Exim domainowners Auth problem

davidb

The "real" user accounts (i.e. domainowners) no longer are able to send with auth turned on.

RH9 based platform
 
Is there any kind of error message? I'd also check /var/log/exim/mainlog immediately after a failure to see what gets logged.

Jeff
 
Finally got a chance to look back on this for a few..

2006-11-14 09:01:05 plain authenticator failed for ip-207-145-49-78.sjc.megapath.net ([10.5.50.245]) [207.145.49.78]: 535 Incorrect authentication data (set_id=byte)
2006-11-14 09:01:05 login authenticator failed for ip-207-145-49-78.sjc.megapath.net ([10.5.50.245]) [207.145.49.78]: 535 Incorrect authentication data (set_id=byte)

Those are the errors.. The exim.conf is custom as I use an off-box spam solution. If you guys are willing to take a look, I will post it. I imagine I may have something screwed there. I haven't changed anything in the exim.pl.
 
Here's my exim.conf:

local_interfaces = 0.0.0.0.25 : 0.0.0.0.10025 : 0.0.0.0.2525

primary_hostname = lh1.web-host.net






perl_startup = do '/etc/exim.pl'


system_filter = /etc/system_filter.exim



message_size_limit = 20M
smtp_receive_timeout = 5m
smtp_accept_max = 100
message_body_visible = 3000


helo_allow_chars = _



log_selector = \
+delivery_size \
+sender_on_delivery \
+received_recipients \
+received_sender \
+smtp_confirmation \
+subject \
+smtp_incomplete_transaction \
-dnslist_defer \
-host_lookup_failed \
-queue_run \
-rejected_header \
-retry_defer \
-skip_delivery

syslog_duplication = false


acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message


domainlist blacklist_domains = lsearch;/etc/virtual/blacklist_domains
domainlist whitelist_from = lsearch;/etc/virtual/whitelist_from
domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains = lsearch;/etc/virtual/domains : localhost
domainlist use_rbl_domains = lsearch;/etc/virtual/domains
hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1 : 208.65.113.140 : 208.65.113.141 : 208.65.113.142

hostlist auth_relay_hosts = *





allow_domain_literals = false


never_users = root


host_lookup = *


rfc1413_hosts = *
rfc1413_query_timeout = 0s



ignore_bounce_errors_after = 2d


timeout_frozen_after = 5d


trusted_users = mail:majordomo:apache:diradmin




tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key

tls_advertise_hosts = *


begin acl

check_recipient:

accept hosts = :

deny domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]


deny domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

accept domains = +whitelist_from

accept local_parts = postmaster
domains = +local_domains

accept local_parts = abuse
domains = +local_domains

accept local_parts = hostmaster
domains =+local_domains


accept local_parts = support
domains = web-host.net

deny message = You may think you're legal but you're still an unwanted spammer
domains = +use_rbl_domains
sender_domains = +blacklist_domains


require verify = sender

domains = +use_rbl_domains
dnslists = sbl.spamhaus.org : \
relays.ordb.org : \
dnsbl.sorbs.net=127.0.0.5

hosts = !+relay_hosts
domains =+use_rbl_domains
!authenticated = *
dnslists = cbl.abuseat.org : \
dnsbl.sorbs.net!=127.0.0.6

domains =+use_rbl_domains
dnslists = rhsbl.sorbs.net/$sender_address_domain

accept domains = +local_domains
endpass
verify = recipient

accept domains = +relay_domains
endpass
verify=recipient


accept hosts = +relay_hosts
accept hosts = +auth_relay_hosts
endpass
message = authentication required
authenticated = *
deny message = relay not permitted

deny message = relay not permitted

check_message:
accept



begin authenticators

plain:
driver = plaintext
public_name = PLAIN
server_condition = "${perl{smtpauth}}"
server_set_id = $2

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${perl{smtpauth}}"
server_set_id = $1





begin routers



lookuphost:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = 127.0.0.0/8
condition = "${perl{check_limits}}"
transport = remote_smtp
no_more

majordomo_private_vrfy:
driver = redirect
allow_defer
allow_fail
condition = "${if eq {$received_protocol} {local} \
{true} {false} }"
data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
verify_only
pass_router = majordomo_private

majordomo_aliases_vrfy:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
verify_only
pass_router = majordomo_aliases

check_system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
verify_only
pass_router = amavis

virtual_aliases_nostar_vrfy:
driver = redirect
condition = "${if or {{eq {$interface_port}{10025}} \
{eq {$received_protocol}{spam-scanned}} \
{eq {$sender_address}{}} \
}{0}{1}}"
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}
verify_only
pass_router = amavis

virtual_user_vrfy:
driver = accept
condition = ${if eq {}{${if exists{/etc/virtual/${domain}/passwd}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}}}{no}{yes}}
domains = lsearch;/etc/virtual/domainowners
verify_only
pass_router = amavis

virtual_aliases_vrfy:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
verify_only
pass_router = amavis

check_localuser:
driver = accept
check_local_user
verify_only
pass_router = amavis

failed_address_router:
driver = accept
verify_only
fail_verify


amavis:
driver = manualroute
condition = "${if or {{eq {$interface_port}{10025}} \
{eq {$received_protocol}{spam-scanned}}\
{eq {$received_protocol}{local}}\
{eq {$sender_address}{}} \
}{0}{1} }"
transport = amavis
route_list = "* mailguard.web-host.net byname"
self = send

dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more







majordomo_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
group = daemon
pipe_transport = majordomo_pipe
retry_use_local_part
no_rewrite
user = majordomo

majordomo_private:
driver = redirect
allow_defer
allow_fail
condition = "${if or { {eq {$received_protocol} {local}} \
{eq {$received_protocol} {spam-scanned}} } {true} {false} }"
data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
group = daemon
pipe_transport = majordomo_pipe
retry_use_local_part
user = majordomo

domain_filter:
driver = redirect
allow_filter
no_check_local_user
condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
user = "mail"
file = /etc/virtual/${domain}/filter
file_transport = address_file
pipe_transport = virtual_address_pipe
retry_use_local_part
no_verify

uservacation:
driver = accept
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
transport = uservacation
unseen

userautoreply:
driver = accept
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
transport = userautoreply
unseen

virtual_aliases_nostar:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
unseen

virtual_user:
driver = accept
condition = ${if eq {}{${if exists{/etc/virtual/${domain}/passwd}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}}}{no}{yes}}
domains = lsearch;/etc/virtual/domainowners
group = mail
retry_use_local_part
transport = virtual_localdelivery

virtual_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part


userforward:
driver = redirect
allow_filter
check_ancestor
check_local_user
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify

system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part

localuser:
driver = accept
check_local_user
condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
transport = local_delivery





begin transports

amavis:
driver = smtp
port = 10024

spamcheck:
driver = pipe
batch_max = 100
command = /usr/sbin/exim -oMr spam-scanned -bS
current_directory = "/tmp"
group = mail
home_directory = "/tmp"
log_output
message_prefix =
message_suffix =
return_fail_output
no_return_path_add
transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
use_bsmtp
user = mail


majordomo_pipe:
driver = pipe
group = daemon
return_fail_output
user = majordomo


local_delivery:
driver = appendfile
delivery_date_add
envelope_to_add
file = /var/mail/$local_part
group = mail
mode = 0660
return_path_add
user = ${local_part}


virtual_localdelivery:
driver = appendfile
create_directory
delivery_date_add
directory_mode = 700
envelope_to_add
file = /var/spool/virtual/${domain}/${local_part}
group = mail
mode = 660
return_path_add
user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}

uservacation:
driver = autoreply
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
subject = "${if def:h_Subject: {Autoreply: $h_Subject:} {I am on vacation}}"
text = "\
------ ------\n\n\
This message was automatically generated by email software\n\
The delivery of your message has not been affected.\n\n\
------ ------\n\n"
to = "${sender_address}"
user = mail

userautoreply:
driver = autoreply
bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
subject = "${if def:h_Subject: {Autoreply: $h_Subject:} {Autoreply Message}}"
to = "${sender_address}"
user = mail


remote_smtp:
driver = smtp


address_pipe:
driver = pipe
return_output

virtual_address_pipe:
driver = pipe
group = nobody
return_output
user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"


address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add


address_reply:
driver = autoreply





begin retry

* * F,2h,15m; G,16h,1h,1.5; F,4d,8h
 
Nothing jumps out at me, but the only other thing I can think of that would cause system users to fail authentication is a problem with the /home/${systemuser}/.shadow file. Each system user that needs to authenticate with exim needs to have a .shadow file in their home directory with group permissions of mail or exim or whatever group your exim runs with. It should contain a crypted password. If you need to create a .shadow file, run this Perl script in the home directory of the system user.

Code:
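#!/usr/bin/perl
use strict;
use warnings;

# Run in the system user's home directory; the cleartext password is the only argument.
my $clearpwd = $ARGV[0];
die "Usage: $0 password\n" unless defined $clearpwd;

# Build a two-character salt from the crypt(3) alphabet.
my @letters = ('A' .. 'Z', 'a' .. 'z', '0' .. '9', '/', '.');
my $salt = $letters[rand @letters] . $letters[rand @letters];

# Write the crypted password to .shadow in the current directory (no trailing newline).
open(my $out, '>', '.shadow') or die "Could not create file .shadow. $!\n";
print {$out} crypt($clearpwd, $salt);
close($out) or die "Could not write file .shadow. $!\n";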
Then fix your permissions properly.
 
I put the .shadow file in the dir, but the problem still exists..

Any more help?

This is driving me insane..
 
davidb said:
I put the .shadow file in the dir, but the problem still exists..

Any more help?

This is driving me insane..

Did you also make sure that exim has the ability to read that .shadow file? Make sure it is owned by user and group of mail, and has permissions of 0640 (-rw-r-----).

I also assume you are using only the username as a login and not username@domainname, which would signal exim to look for this in the virtual passwd file.
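
The checks from the two replies above, collected into one shell diagnostic. This is an added example, not part of the thread and not DirectAdmin's code; it assumes GNU stat, the function names are hypothetical, and the login-to-file mapping follows what the replies state rather than the contents of exim.pl.

```sh
#!/bin/sh
# Added diagnostic: the rules below come from the replies in this thread.
# Assumes GNU stat (Linux). Function names are hypothetical.

# Print the credential file the replies say is consulted for an SMTP AUTH login.
auth_store_for() {
    case "$1" in
        *@*) printf '/etc/virtual/%s/passwd\n' "${1#*@}" ;;  # username@domain: virtual passwd
        *)   printf '/home/%s/.shadow\n' "$1" ;;             # bare username: system user
    esac
}

# Check a .shadow file. Args: path, expected owner, expected group.
# Prints one line per problem and returns 0 only when none were found.
check_shadow_file() {
    csf_path=$1; csf_want="$2:$3"; csf_bad=0
    if [ ! -f "$csf_path" ]; then
        echo "missing: $csf_path"
        return 1
    fi
    csf_have=$(stat -c '%U:%G' "$csf_path")
    csf_mode=$(stat -c '%a' "$csf_path")
    if [ "$csf_have" != "$csf_want" ]; then
        echo "owner is $csf_have, expected $csf_want"; csf_bad=1
    fi
    if [ "$csf_mode" != "640" ]; then
        echo "mode is $csf_mode, expected 640"; csf_bad=1
    fi
    if [ ! -s "$csf_path" ]; then
        echo "file is empty, no crypted password stored"; csf_bad=1
    fi
    return "$csf_bad"
}

# Usage: sh check_auth.sh LOGIN   (e.g. the set_id value from the mainlog failure line)
if [ "$#" -ge 1 ]; then
    store=$(auth_store_for "$1")
    echo "login '$1' is checked against $store"
    case "$store" in
        */.shadow) check_shadow_file "$store" mail mail && echo "ok: $store" ;;
    esac
fi
```

Run it as root with the set_id from the failing log line, since a 0640 file owned by mail is not readable by other unprivileged accounts.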
 
Sure did.. Did I mention that sending works fine from SquirrelMail?
This user used to work just fine btw...
 