On 20/05/13 23:40, Gedalya wrote:
On 05/20/2013 05:13 PM, Sebastian Arcus wrote:
On 20/05/13 17:12, Gedalya wrote:
On 05/20/2013 12:02 PM, Sebastian Arcus wrote:
Exim doesn't seem to have any variable expansion for the "From" field
If using the From header actually makes sense to you... then see $h_<header name> at http://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansion...,
you probably want to restrict the usage of this as much as possible. The envelope sender must be empty for bounces and auto-replies, pretty good article here: https://github.com/Exim/exim/wiki/EximAutoReply
Later I'll read through your whole message again and maybe I'll come up with something more concrete and detailed.
Thanks for that. I've just tried using $header_from: in my exim authenticator in client mode when talking to the provider's SMTP server in smart relay mode (instead of $sender_address) - but for some strange reason it just won't work. I've pored over the exim logs in debug mode - and so far I can't make sense of what is happening. I'll try some more to figure it out and get it working.
OK, now I had some more time to look at your situation. We can ask, do you really need the sender? How do you use it? You're trying to authenticate using the sender, do you have the passwords in a lookup file?
Yes - they are in a lookup file.
Perhaps this can be a good idea: set up a special authenticator with: client_condition = ${if match_ip{$sender_host_address}{:@[]}{1}{0}} so that it can only be used for locally submitted messages (this _should_ work, test it), and statically configure it with credentials that would work with your upstream SMTP server?
This is what I'm using at the moment to authenticate against the provider's SMTP server (upstream) in smtp smart relay mode:
fixed_plain_client:
  driver = plaintext
  public_name = PLAIN
  client_send = ^$sender_address^${lookup{$sender_address} lsearch{/etc/exim/exim-client.passwd}{$value}{fail}}
Either way, you shouldn't have an authenticator that would trust the From: header and do something with it, unless the situation is very tightly controlled. You probably want to put more restrictions there to make sure this works only when intended, i.e. dovecot autoreplies.
I only have internal lan clients connecting to this server - and even if, for any reason which I can't think of at the moment - they would want to pass a fake "From:" header - it would be useless without passing the right password that goes with it.
Now, as for $header_from, first of all, it's "$header_from:", with the colon in the end.
Yes - I've tried it with the colon.
Yea, I know.
Secondly, I have no idea if it would be available in an authenticator.
I just tried it again, with debugging on, and I get the following:
212.227.15.163 in hosts_try_auth? yes (matched "auth.smtp.1and1.co.uk")
scanning authentication mechanisms
  SMTP>> AUTH PLAIN ************************************
tls_do_write(bfac815f, 49)
SSL_write(SSL, bfac815f, 49)
outbytes=49 error=0
waiting for data on socket
Calling SSL_read(8109288, bfac855f, 4096)
read response data: size=37
  SMTP<< 535 no password in decoded response
fixed_plain_client authenticator yielded 2
LOG: MAIN
  fixed_plain_client authenticator failed H=auth.smtp.1and1.co.uk [212.227.15.163] 535 no password in decoded response
I don't think header_from: is available during authentication - or something else is happening which is escaping me right now.
Consider that an authenticator is not really something that is related to processing an individual message. One thing is for sure, you would need to set connection_max_messages = 1 in the smtp transport which would be handling these messages.
That's an interesting one. I've been running several sites for a few years now with exim in smart relay - without connection_max_messages = 1 - and had no problems so far. Maybe it's because only few lan clients are involved - or I've been lucky so far :-)
I know that that helps to make $sender_address available in the authenticator, try your luck with $h_from: or try to pass that data in somehow, ACL variables or something, let me know how that goes - I'm curious, but if you need further help you should probably ask on the exim-users mailing list (and point me at the thread ;-))
I think I'll have to do that. Thanks again for all the suggestions.
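
Added example, not part of the original messages and not Exim's own code: a Python model of how one already-expanded client_send string from a plaintext authenticator becomes the AUTH PLAIN argument (per the Exim spec, a single ^ becomes NUL and ^^ becomes a literal ^), plus a check for the three NUL-separated fields that RFC 4616 defines. Decoding the string this way shows offline which field a reply such as "no password in decoded response" could be objecting to; the function names, address and password are constructed for illustration.

```python
import base64


def client_send_to_plain(expanded: str) -> str:
    """Model of Exim's post-expansion step for one client_send string:
    '^' -> NUL, '^^' -> literal '^', then base64 for the AUTH command."""
    out = []
    i = 0
    while i < len(expanded):
        if expanded[i] == "^":
            if expanded[i + 1:i + 2] == "^":   # doubled circumflex
                out.append("^")
                i += 2
                continue
            out.append("\0")
        else:
            out.append(expanded[i])
        i += 1
    return base64.b64encode("".join(out).encode()).decode("ascii")


def diagnose_plain(b64: str) -> list:
    """Return a list of problems with an AUTH PLAIN argument (empty = OK)."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:                         # binascii.Error is a ValueError
        return ["not valid base64"]
    parts = raw.split(b"\0")                   # authzid, authcid, passwd
    if len(parts) != 3:
        return [f"expected 3 NUL-separated fields, got {len(parts)}"]
    _authzid, authcid, passwd = parts
    problems = []
    if not authcid:
        problems.append("empty authentication identity")
    if not passwd:
        problems.append("empty password")
    return problems


if __name__ == "__main__":
    # Constructed sample expansions of a client_send string.
    for s in ("^user@example.test^s3cret",     # both fields present
              "^user@example.test^",           # password expanded to empty
              "^user@example.test",            # password field missing
              "^^"):                           # both empty: collapses to '^'
        print(repr(s), "->", diagnose_plain(client_send_to_plain(s)))
```

The last sample is the edge case worth knowing: when both the identity and the password expand to empty strings, the two circumflexes are read as one doubled circumflex, so no NUL separators are sent at all.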