Op 1/2/2018 om 10:48 PM schreef Daniel Kenzelmann:
Hi,
I'm not entirely sure whether this issue is with exim or with dovecot.
First some background: I'm using exim with dovecot-auth which in turn is using LDAP for authentication.
When using AUTH PLAIN with the optional initial response argument, everything is fine.
However when using AUTH PLAIN without the optional response argument, instead of getting an empty challenge ("334 ") as per RFC i am getting a "535 Incorrect authentication data".
Example: Working: 220 XXXX ESMTP 2018-01-02 22:32:33+0100 EHLO test 250-XXXX Hello XXXXX [x.x.x.x] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250-CHUNKING 250 HELP AUTH PLAIN XXXXXXXXXXXXXXXXXXXXXXXX== 235 Authentication succeeded
NOT-WORKING: 220 XXXX ESMTP 2018-01-02 22:34:37+0100 EHLO test 250-XXXX Hello XXXXX [x.x.x.x] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250-CHUNKING 250 HELP AUTH PLAIN 535 Incorrect authentication data
Here the SASL mechanism should return an empty challenge as per RFC (i.e. "334 " in SMTP):
This is a an error produced by Exim. I find the Exim error handling in Exim's implementation of the AUTH command rather peculiar. Still, I managed to decipher at least part of it.
That error is produced when FAIL status is returned from the driver:
https://github.com/Exim/exim/blob/master/src/src/smtp_in.c#L3665
This FAIL status can be returned by the driver itself, but -- in this case more likely -- the Dovecot driver in Exim also returns FAIL status when Dovecot auth service returns "FAIL":
https://github.com/Exim/exim/blob/master/src/src/auths/dovecot.c#L472
So, this may very well be an issue triggered by Dovecot. What version of Dovecot is this? Some things were modified in initial response handling recently (v2.3) and I may have messed up something.
Does Dovecot log anything interesting with auth_verbose and auth_debug enabled?
Regards,
Stephan.