Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: exim: users

AUTH FAIL not fatal error?

  

 
exim users RSS feed   Index | Next | Previous | View Threaded


Frank.Elsner at TU-Berlin

Apr 24, 2012, 12:07 PM

Post #1 of 6 (273 views)
Permalink
AUTH FAIL not fatal error?
Hi colleagues,
just curious:

Why is this not a fatal error resulting in a non-delivery report:

2012-04-24 17:21:03 1SMhY5-0004Nn-Vg == xxxx [at] xxxxxx R=via_egypt T=smtp defer (-42): authentication required but authentication attempt(s) failed


--Frank Elsner


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


jj33 at pobox

Apr 24, 2012, 12:19 PM

Post #2 of 6 (261 views)
Permalink
Re: AUTH FAIL not fatal error? [In reply to]
On Tue, Apr 24, 2012 at 3:07 PM, Frank Elsner <Frank.Elsner [at] tu-berlin> wrote:
>
> Hi colleagues,
>                just curious:
>
> Why is this not a fatal error resulting in a non-delivery report:
>
> 2012-04-24 17:21:03 1SMhY5-0004Nn-Vg == xxxx [at] xxxxxx R=via_egypt T=smtp defer (-42): authentication required but authentication attempt(s) failed

Is it possible that the remote server returned 4xx codes in response
to the authentication requests? I'm imagining the difference between
the server saying "4xx, I can't talk to my back end user database
right now" and "5xx, That's not a valid username/password combo"

--John

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


Frank.Elsner at TU-Berlin

Apr 24, 2012, 12:23 PM

Post #3 of 6 (262 views)
Permalink
Re: AUTH FAIL not fatal error? [In reply to]
On Tue, 24 Apr 2012 15:19:19 -0400 John Jetmore wrote:
> On Tue, Apr 24, 2012 at 3:07 PM, Frank Elsner <Frank.Elsner [at] tu-berlin> wrote:
> >
> > Hi colleagues,
> >                just curious:
> >
> > Why is this not a fatal error resulting in a non-delivery report:
> >
> > 2012-04-24 17:21:03 1SMhY5-0004Nn-Vg == xxxx [at] xxxxxx R=via_egypt T=smtp defer (-42): authentication required but authentication attempt(s) failed
>
> Is it possible that the remote server returned 4xx codes in response
> to the authentication requests? I'm imagining the difference between
> the server saying "4xx, I can't talk to my back end user database
> right now" and "5xx, That's not a valid username/password combo"

No. It's a 5xx:

2012-04-24 21:16:41 1SMlBZ-0007qG-4j client authenticator failed H=eg-mailfrontend.elgouna.tu-berlin.de [41.128.204.142] 535 Incorrect authentication data
2012-04-24 21:16:41 1SMlBZ-0007qG-4j == xxxx [at] xxxxxx R=via_egypt T=smtp defer (-42): authentication required but authentication attempt(s) failed

--Frank Elsner

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


tlyons at ivenue

Apr 24, 2012, 12:40 PM

Post #4 of 6 (260 views)
Permalink
Re: AUTH FAIL not fatal error? [In reply to]
On Tue, Apr 24, 2012 at 12:23 PM, Frank Elsner
<Frank.Elsner [at] tu-berlin> wrote:
>> > Why is this not a fatal error resulting in a non-delivery report:
>> > 2012-04-24 17:21:03 1SMhY5-0004Nn-Vg == xxxx [at] xxxxxx R=via_egypt T=smtp defer (-42): authentication required but authentication attempt(s) failed
>>
>> Is it possible that the remote server returned 4xx codes in response
>
> No. It's a 5xx:
>
> 2012-04-24 21:16:41 1SMlBZ-0007qG-4j client authenticator failed H=eg-mailfrontend.elgouna.tu-berlin.de [41.128.204.142] 535 Incorrect authentication data
> 2012-04-24 21:16:41 1SMlBZ-0007qG-4j == xxxx [at] xxxxxx R=via_egypt T=smtp defer (-42): authentication required but authentication attempt(s) failed

This is from the spec file, pay attention to the last sentence:

hosts_require_auth Use: smtp Type: host list† Default: unset

This option provides a list of servers for which authentication must
succeed before Exim will try to transfer a message. If authentication
fails for servers which are not in this list, Exim tries to send
unauthenticated. If authentication fails for one of these servers,
delivery is deferred. This temporary error is detectable in the retry
rules, so it can be turned into a hard failure if required.


I personally don't use anything more than the most basic retry rules,
so I do not know how to specifically do that last bit, likely others
will be able to provide better feedback.

...Todd
--
Always code as if the guy who ends up maintaining your code will be a
violent psychopath who knows where you live. -- Martin Golding

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


jj33 at pobox

Apr 24, 2012, 12:42 PM

Post #5 of 6 (261 views)
Permalink
Re: AUTH FAIL not fatal error? [In reply to]
On Tue, Apr 24, 2012 at 3:40 PM, Todd Lyons <tlyons [at] ivenue> wrote:
> On Tue, Apr 24, 2012 at 12:23 PM, Frank Elsner
> <Frank.Elsner [at] tu-berlin> wrote:
>>> > Why is this not a fatal error resulting in a non-delivery report:
>>> > 2012-04-24 17:21:03 1SMhY5-0004Nn-Vg == xxxx [at] xxxxxx R=via_egypt T=smtp defer (-42): authentication required but authentication attempt(s) failed
>>>
>>> Is it possible that the remote server returned 4xx codes in response
>>
>> No. It's a 5xx:
>>
>> 2012-04-24 21:16:41 1SMlBZ-0007qG-4j client authenticator failed H=eg-mailfrontend.elgouna.tu-berlin.de [41.128.204.142] 535 Incorrect authentication data
>> 2012-04-24 21:16:41 1SMlBZ-0007qG-4j == xxxx [at] xxxxxx R=via_egypt T=smtp defer (-42): authentication required but authentication attempt(s) failed
>
> This is from the spec file, pay attention to the last sentence:
>
> hosts_require_auth      Use: smtp       Type: host list†        Default: unset
>
> This option provides a list of servers for which authentication must
> succeed before Exim will try to transfer a message. If authentication
> fails for servers which are not in this list, Exim tries to send
> unauthenticated. If authentication fails for one of these servers,
> delivery is deferred. This temporary error is detectable in the retry
> rules, so it can be turned into a hard failure if required.
>
>
> I personally don't use anything more than the most basic retry rules,
> so I do not know how to specifically do that last bit, likely others
> will be able to provide better feedback.


Todd beat me to it, I found the same info but from a different
direction (chapter 33.5, Authenticaction by an Exim client)

If the response to authentication is a permanent error (5xx code),
Exim carries on searching the list
of authenticators and tries another one if possible. If all
authentication attempts give permanent
errors, or if there are no attempts because no mechanisms match (or
option expansions force
failure), what happens depends on whether the host matches
hosts_require_auth or hosts_try_
auth. In the first case, a temporary error is generated, and delivery
is deferred. The error can be
detected in the retry rules, and thereby turned into a permanent error
if you wish. In the second
case, Exim tries to deliver the message unauthenticated.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


Frank.Elsner at TU-Berlin

Apr 24, 2012, 3:20 PM

Post #6 of 6 (262 views)
Permalink
Re: AUTH FAIL not fatal error? [In reply to]
On Tue, 24 Apr 2012 15:42:44 -0400 John Jetmore wrote:

[ ... ]

> If the response to authentication is a permanent error (5xx code),
> Exim carries on searching the list
> of authenticators and tries another one if possible. If all
> authentication attempts give permanent
> errors, or if there are no attempts because no mechanisms match (or
> option expansions force
> failure), what happens depends on whether the host matches
> hosts_require_auth or hosts_try_

The host is in hosts_require_auth.

> auth. In the first case, a temporary error is generated, and delivery
> is deferred. The error can be
> detected in the retry rules, and thereby turned into a permanent error
> if you wish. In the second
> case, Exim tries to deliver the message unauthenticated.

Now I understand. Thanks to both.


--Frank Elsner

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.